Filtered by vendor Ibm
Subscribe
Total
8223 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6301 | 1 Ibm | 1 Algo One | 2026-04-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6320, and CVE-2013-6333. | |||||
| CVE-2013-0482 | 1 Ibm | 2 Websphere Application Server, Websphere Message Broker | 2026-04-29 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489. | |||||
| CVE-2012-3293 | 1 Ibm | 1 Websphere Application Server | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue. | |||||
| CVE-2014-0874 | 1 Ibm | 1 Content Navigator | 2026-04-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter. | |||||
| CVE-2013-3033 | 1 Ibm | 1 Tivoli Remote Control | 2026-04-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-0551 | 1 Ibm | 2 Application Manager For Smart Business, Tivoli Monitoring | 2026-04-29 | 5.0 MEDIUM | N/A |
| The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to cause a denial of service (abend) via a crafted URL. | |||||
| CVE-2013-0568 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-04-29 | 4.0 MEDIUM | N/A |
| IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0475, and CVE-2013-0567. | |||||
| CVE-2013-6749 | 1 Ibm | 1 Lotus Quickr For Domino | 2026-04-29 | 7.5 HIGH | N/A |
| Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different vulnerability than CVE-2013-6748. | |||||
| CVE-2013-6724 | 1 Ibm | 1 Spss Samplepower | 2026-04-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote attackers to execute arbitrary code via a crafted ComboList property value. | |||||
| CVE-2011-1822 | 1 Ibm | 1 Tivoli Directory Server | 2026-04-29 | 2.1 LOW | N/A |
| The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log. | |||||
| CVE-2012-2176 | 1 Ibm | 1 Lotus Quickr | 2026-04-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method. | |||||
| CVE-2013-3988 | 1 Ibm | 1 Sametime | 2026-04-29 | 6.8 MEDIUM | N/A |
| The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2010-4604 | 2 Ibm, Linux | 2 Tivoli Storage Manager, Linux Kernel | 2026-04-29 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe. | |||||
| CVE-2013-0532 | 1 Ibm | 2 Rational Policy Tester, Security Appscan | 2026-04-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP data. | |||||
| CVE-2012-3295 | 1 Ibm | 1 Websphere Mq | 2026-04-29 | 4.3 MEDIUM | N/A |
| IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors. | |||||
| CVE-2013-5427 | 1 Ibm | 2 Infosphere Master Data Management Collaboration Server, Infosphere Master Data Management Server For Product Information Management | 2026-04-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2011-1372 | 1 Ibm | 4 Ts3100 Tape Library, Ts3100 Tape Library Firmware, Ts3200 Tape Library and 1 more | 2026-04-29 | 6.8 MEDIUM | N/A |
| The Web User Interface on the IBM TS3100 and TS3200 tape libraries with firmware before A.60 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | |||||
| CVE-2012-0193 | 1 Ibm | 1 Websphere Application Server | 2026-04-29 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
| CVE-2011-1396 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component. | |||||
| CVE-2011-0916 | 1 Ibm | 1 Lotus Domino | 2026-04-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message, aka SPR KLYH889M8H. | |||||