Filtered by vendor Ibm
Subscribe
Total
7797 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0142 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function. | |||||
| CVE-2016-2933 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | 6.8 MEDIUM | 6.8 MEDIUM |
| Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request. | |||||
| CVE-2015-4997 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 6.8 MEDIUM | N/A |
| IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request. | |||||
| CVE-2014-0884 | 1 Ibm | 1 Lotus Protector For Mail Security | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3066 | 1 Ibm | 1 Tivoli Endpoint Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-1904 | 1 Ibm | 1 Business Process Manager | 2025-04-12 | 3.5 LOW | N/A |
| IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action. | |||||
| CVE-2016-3452 | 4 Ibm, Mariadb, Oracle and 1 more | 5 Powerkvm, Mariadb, Linux and 2 more | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. | |||||
| CVE-2015-1982 | 1 Ibm | 1 Infosphere Master Data Management | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message. | |||||
| CVE-2014-6185 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-12 | 7.2 HIGH | N/A |
| dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file. | |||||
| CVE-2015-5024 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 10.0.2.3, 10.0.2.5 before iFix4, 10.0.2.6 before iFix8, 10.0.2.7 before iFix1, and 10.0.4.x before iFix2 allows remote authenticated users to obtain sensitive supplier-bid information via unspecified vectors. | |||||
| CVE-2015-0108 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109. | |||||
| CVE-2015-7466 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-12 | 4.0 MEDIUM | 3.1 LOW |
| Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors. | |||||
| CVE-2014-3075 | 1 Ibm | 2 Business Process Manager, Websphere Application Server | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file. | |||||
| CVE-2016-3000 | 1 Ibm | 1 Connections | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL. | |||||
| CVE-2015-4929 | 1 Ibm | 1 License Metric Tool | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request. | |||||
| CVE-2014-0876 | 3 Apple, Ibm, Microsoft | 3 Mac Os X, Tivoli Storage Manager, Windows | 2025-04-12 | 2.1 LOW | N/A |
| Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users to cause a denial of service (application crash or hang) via unspecified vectors. | |||||
| CVE-2015-1938 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-12 | 10.0 HIGH | N/A |
| The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1986. | |||||
| CVE-2016-0249 | 1 Ibm | 1 Security Guardium | 2025-04-12 | 7.5 HIGH | 8.6 HIGH |
| SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-0453 | 6 Canonical, Debian, Ibm and 3 more | 8 Ubuntu Linux, Debian Linux, Forms Viewer and 5 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. | |||||
| CVE-2016-0666 | 6 Debian, Ibm, Mariadb and 3 more | 7 Debian Linux, Powerkvm, Mariadb and 4 more | 2025-04-12 | 3.5 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges. | |||||