Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 8297 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1179 1 Ibm 1 Bigfix Security Compliance Analytics 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431.
CVE-2017-1178 1 Ibm 1 Bigfix Security Compliance Analytics 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123430.
CVE-2017-1177 1 Ibm 1 Bigfix Compliance 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429.
CVE-2017-1176 1 Ibm 1 Maximo Asset Management 2026-06-17 2.1 LOW 3.3 LOW
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299.
CVE-2017-1175 1 Ibm 1 Maximo Asset Management 2026-06-17 7.5 HIGH 9.8 CRITICAL
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297.
CVE-2017-1174 1 Ibm 1 Sterling B2b Integrator 2026-06-17 6.5 MEDIUM 8.8 HIGH
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296.
CVE-2017-1171 1 Ibm 1 Tririga Application Platform 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083.
CVE-2017-1170 1 Ibm 1 Websphere Commerce 2026-06-17 4.6 MEDIUM 5.3 MEDIUM
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.
CVE-2017-1169 1 Ibm 1 Rational Collaborative Lifecycle Management 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188.
CVE-2017-1168 1 Ibm 1 Rational Engineering Lifecycle Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123187.
CVE-2017-1164 1 Ibm 1 Rational Collaborative Lifecycle Management 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036.
CVE-2017-1162 1 Ibm 1 Qradar Security Information And Event Manager 2026-06-17 5.0 MEDIUM 7.5 HIGH
IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957.
CVE-2017-1161 1 Ibm 1 Api Connect 2026-06-17 7.5 HIGH 7.3 HIGH
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the www-data user. IBM X-Force ID: 122956.
CVE-2017-1160 1 Ibm 1 Financial Transaction Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892.
CVE-2017-1159 1 Ibm 1 Business Process Manager 2026-06-17 4.9 MEDIUM 5.4 MEDIUM
IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891.
CVE-2017-1157 1 Ibm 1 Jazz Reporting Service 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788.
CVE-2017-1156 1 Ibm 1 Websphere Portal 2026-06-17 6.8 MEDIUM 8.8 HIGH
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592
CVE-2017-1155 1 Ibm 1 Algo One 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754.
CVE-2017-1154 1 Ibm 1 Algo One 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: 1999892.
CVE-2017-1153 1 Ibm 1 Tririga Application Platform 2026-06-17 6.5 MEDIUM 8.8 HIGH
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.