Filtered by vendor Ibm
Subscribe
Total
7809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5952 | 1 Ibm | 1 Websphere Message Broker | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors. | |||||
| CVE-2013-0596 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6325 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint. | |||||
| CVE-2009-2747 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call. | |||||
| CVE-2011-1307 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 2.1 LOW | N/A |
| The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173. | |||||
| CVE-2012-2169 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field. | |||||
| CVE-2012-2187 | 1 Ibm | 4 Remote Supervisor Adapter Ii Firmware, X3650, X3850 and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2010-0557 | 1 Ibm | 1 Cognos Express | 2025-04-11 | 7.5 HIGH | N/A |
| IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials. | |||||
| CVE-2010-0715 | 1 Ibm | 4 Lotus Quickr, Lotus Web Content Management, Lotus Workplace Web Content Management and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
| Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string. | |||||
| CVE-2013-6728 | 1 Ibm | 1 Websphere Dashboard Framework | 2025-04-11 | 5.8 MEDIUM | N/A |
| The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1.5 and 7.0.1 allows remote attackers to view or delete image files by leveraging incorrect security constraints for a temporary directory. | |||||
| CVE-2011-1390 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature. | |||||
| CVE-2009-2752 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | 1.5 LOW | N/A |
| IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. | |||||
| CVE-2011-4160 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Operations Agent, Performance Agent and 3 more | 2025-04-11 | 3.2 LOW | N/A |
| Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors. | |||||
| CVE-2013-6735 | 1 Ibm | 1 Websphere Portal | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL. | |||||
| CVE-2011-2330 | 1 Ibm | 1 Tivoli Management Framework | 2025-04-11 | 9.0 HIGH | N/A |
| Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send requests to restricted pages via a session on TCP port 9495, a different vulnerability than CVE-2011-1220. | |||||
| CVE-2011-4708 | 1 Ibm | 1 Rational Asset Manager | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager before 7.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-4821 | 2 Ibm, Tivoli Storage Productivity Center | 16 Java, Lotus Domino, Lotus Notes and 13 more | 2025-04-11 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods. | |||||
| CVE-2013-5375 | 1 Ibm | 1 Java | 2025-04-11 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL. | |||||
| CVE-2013-6305 | 1 Ibm | 1 Platform Symphony | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this key. | |||||
| CVE-2012-2163 | 1 Ibm | 1 Scale Out Network Attached Storage | 2025-04-11 | 9.0 HIGH | N/A |
| IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 allows remote authenticated administrators to execute arbitrary Linux commands via the (1) Command Line Interface or (2) Graphical User Interface, related to a "code injection" issue. | |||||