Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 8297 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1368 1 Ibm 1 Security Identity Governance And Intelligence 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 126861.
CVE-2017-1367 1 Ibm 1 Security Identity Governance And Intelligence 2026-06-17 5.0 MEDIUM 3.7 LOW
IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126860.
CVE-2017-1366 1 Ibm 1 Security Identity Governance And Intelligence 2026-06-17 5.0 MEDIUM 5.9 MEDIUM
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859.
CVE-2017-1365 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858.
CVE-2017-1364 1 Ibm 1 Rational Engineering Lifecycle Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126857.
CVE-2017-1363 1 Ibm 1 Rational Collaborative Lifecycle Management 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856.
CVE-2017-1362 1 Ibm 1 Security Identity Manager 2026-06-17 2.1 LOW 7.8 HIGH
IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801.
CVE-2017-1359 1 Ibm 1 Rational Engineering Lifecycle Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126686.
CVE-2017-1357 1 Ibm 2 Maximo Asset Management, Maximo Asset Management Essentials 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.
CVE-2017-1356 1 Ibm 1 Atlas Ediscovery Process Management 2026-06-17 6.5 MEDIUM 8.8 HIGH
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683.
CVE-2017-1355 1 Ibm 1 Atlas Ediscovery Process Management 2026-06-17 4.3 MEDIUM 3.7 LOW
IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126682.
CVE-2017-1354 1 Ibm 1 Atlas Ediscovery Process Management 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126681.
CVE-2017-1353 1 Ibm 1 Atlas Ediscovery Process Management 2026-06-17 3.5 LOW 3.5 LOW
IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680.
CVE-2017-1352 1 Ibm 1 Maximo Asset Management 2026-06-17 6.0 MEDIUM 5.5 MEDIUM
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
CVE-2017-1350 1 Ibm 1 Infosphere Information Server 2026-06-17 7.2 HIGH 8.4 HIGH
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526.
CVE-2017-1349 1 Ibm 1 Sterling B2b Integrator 2026-06-17 2.1 LOW 5.5 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525.
CVE-2017-1348 1 Ibm 1 Sterling B2b Integrator 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126524.
CVE-2017-1347 1 Ibm 1 Sterling B2b Integrator 2026-06-17 6.5 MEDIUM 8.8 HIGH
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462.
CVE-2017-1346 1 Ibm 1 Business Process Manager 2026-06-17 1.9 LOW 2.5 LOW
IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461.
CVE-2017-1345 1 Ibm 1 Insights Foundation For Energy 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126460.