Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 8297 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1342 1 Ibm 1 Insights Foundation For Energy 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. IBM X-Force ID: 126457.
CVE-2017-1341 1 Ibm 1 Websphere Mq 2026-06-17 4.3 MEDIUM 3.7 LOW
IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.
CVE-2017-1340 1 Ibm 1 Jazz Reporting Service 2026-06-17 4.0 MEDIUM 5.0 MEDIUM
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455.
CVE-2017-1339 1 Ibm 1 Tivoli Storage Manager 2026-06-17 2.1 LOW 4.4 MEDIUM
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.
CVE-2017-1338 1 Ibm 2 Rational Doors Next Generation, Rational Requirements Composer 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126246.
CVE-2017-1337 1 Ibm 1 Websphere Mq 2026-06-17 4.3 MEDIUM 8.1 HIGH
IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.
CVE-2017-1336 1 Ibm 1 Infosphere Biginsights 2026-06-17 3.6 LOW 4.4 MEDIUM
IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244.
CVE-2017-1335 1 Ibm 1 Rational Engineering Lifecycle Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126243.
CVE-2017-1334 1 Ibm 1 Rational Engineering Lifecycle Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126242.
CVE-2017-1333 1 Ibm 1 Openpages Grc Platform 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241.
CVE-2017-1332 1 Ibm 1 Inotes 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234.
CVE-2017-1331 1 Ibm 1 Content Navigator 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126233.
CVE-2017-1329 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231.
CVE-2017-1328 1 Ibm 1 Api Connect 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API. IBM X-Force ID: 126230.
CVE-2017-1327 1 Ibm 1 Inotes 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062.
CVE-2017-1326 1 Ibm 1 Sterling B2b Integrator 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060.
CVE-2017-1325 1 Ibm 1 Inotes 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976.
CVE-2017-1324 1 Ibm 1 Rational Engineering Lifecycle Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125975.
CVE-2017-1322 1 Ibm 1 Api Connect 2026-06-17 6.4 MEDIUM 8.2 HIGH
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918.
CVE-2017-1321 1 Ibm 2 Infosphere Information Server, Infosphere Information Server On Cloud 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916.