Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 8297 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1299 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125161.
CVE-2017-1297 3 Ibm, Linux, Microsoft 8 Data Server Client, Data Server Driver For Odbc And Cli, Data Server Driver Package and 5 more 2026-06-17 4.4 MEDIUM 7.3 HIGH
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.
CVE-2017-1295 1 Ibm 1 Rational Collaborative Lifecycle Management 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157.
CVE-2017-1294 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125155.
CVE-2017-1293 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125154.
CVE-2017-1292 1 Ibm 2 Maximo Asset Management, Maximo Asset Management Essentials 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.
CVE-2017-1291 1 Ibm 2 Maximo Asset Management, Maximo Asset Management Essentials 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.
CVE-2017-1290 1 Ibm 1 Openpages Grc Platform 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151.
CVE-2017-1289 1 Ibm 1 Sdk 2026-06-17 6.4 MEDIUM 8.2 HIGH
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.
CVE-2017-1287 1 Ibm 1 Rhapsody Design Manager 2026-06-17 4.9 MEDIUM 5.4 MEDIUM
IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
CVE-2017-1286 1 Ibm 1 Urbancode Deploy 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147.
CVE-2017-1285 1 Ibm 1 Websphere Mq 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.
CVE-2017-1284 1 Ibm 1 Websphere Mq 2026-06-17 1.9 LOW 4.7 MEDIUM
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145.
CVE-2017-1283 1 Ibm 1 Websphere Mq 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.
CVE-2017-1282 1 Ibm 1 Content Navigator 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124760.
CVE-2017-1281 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124759.
CVE-2017-1280 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758.
CVE-2017-1279 1 Ibm 1 Tealeaf Customer Experience 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757.
CVE-2017-1278 1 Ibm 2 Rational Doors Next Generation, Rational Requirements Composer 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756.
CVE-2017-1277 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124752.