Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 8273 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1460 1 Ibm 1 I 2026-06-17 5.0 MEDIUM 7.5 HIGH
IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379.
CVE-2017-1459 1 Ibm 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 2 more 2026-06-17 4.9 MEDIUM 4.2 MEDIUM
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378.
CVE-2017-1458 1 Ibm 1 Qradar Network Security 2026-06-17 5.5 MEDIUM 8.1 HIGH
IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377.
CVE-2017-1457 1 Ibm 1 Qradar Network Security 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128376.
CVE-2017-1453 1 Ibm 1 Security Access Manager 9.0 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372.
CVE-2017-1452 3 Ibm, Linux, Microsoft 4 Db2, Db2 Connect, Linux Kernel and 1 more 2026-06-17 7.2 HIGH 7.8 HIGH
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180.
CVE-2017-1451 3 Ibm, Linux, Microsoft 4 Db2, Db2 Connect, Linux Kernel and 1 more 2026-06-17 7.2 HIGH 7.8 HIGH
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178.
CVE-2017-1450 1 Ibm 1 Emptoris Sourcing 2026-06-17 5.8 MEDIUM 6.1 MEDIUM
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177.
CVE-2017-1449 1 Ibm 1 Emptoris Sourcing 2026-06-17 4.9 MEDIUM 5.4 MEDIUM
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174.
CVE-2017-1448 1 Ibm 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management 2026-06-17 4.9 MEDIUM 5.4 MEDIUM
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173.
CVE-2017-1447 1 Ibm 1 Emptoris Sourcing 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172.
CVE-2017-1446 1 Ibm 1 Emptoris Spend Analysis 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128171.
CVE-2017-1445 1 Ibm 1 Emptoris Spend Analysis 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170.
CVE-2017-1444 1 Ibm 1 Emptoris Sourcing 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110.
CVE-2017-1443 1 Ibm 1 Emptoris Services Procurement 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128109.
CVE-2017-1442 1 Ibm 1 Emptoris Services Procurement 2026-06-17 6.8 MEDIUM 8.8 HIGH
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107.
CVE-2017-1441 1 Ibm 1 Emptoris Services Procurement 2026-06-17 2.1 LOW 5.5 MEDIUM
IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. IBM X-Force ID: 128106.
CVE-2017-1440 1 Ibm 1 Emptoris Services Procurement 2026-06-17 6.5 MEDIUM 8.8 HIGH
IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105.
CVE-2017-1439 3 Ibm, Linux, Microsoft 4 Db2, Db2 Connect, Linux Kernel and 1 more 2026-06-17 7.2 HIGH 6.7 MEDIUM
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058.
CVE-2017-1438 3 Ibm, Linux, Microsoft 4 Db2, Db2 Connect, Linux Kernel and 1 more 2026-06-17 7.2 HIGH 6.7 MEDIUM
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057.