Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 8308 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1092 1 Ibm 1 Informix Open Admin Tool 2026-06-17 10.0 HIGH 9.8 CRITICAL
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
CVE-2017-17689 16 9folders, Apple, Bloop and 13 more 17 Nine, Mail, Airmail and 14 more 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
CVE-2017-1000255 2 Ibm, Linux 3 Powerpc Power8, Powerpc Power9, Linux Kernel 2026-06-17 6.6 MEDIUM 5.5 MEDIUM
On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable.
CVE-2016-9994 1 Ibm 1 Kenexa Lcms Premier 2026-06-17 6.5 MEDIUM 7.1 HIGH
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805.
CVE-2016-9993 1 Ibm 1 Kenexa Lcms Premier 2026-06-17 6.5 MEDIUM 7.1 HIGH
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067.
CVE-2016-9992 1 Ibm 1 Kenexa Lcms Premier 2026-06-17 6.5 MEDIUM 7.1 HIGH
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067.
CVE-2016-9991 1 Ibm 1 Sterling Selling And Fulfillment Foundation 2026-06-17 6.0 MEDIUM 8.0 HIGH
IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314.
CVE-2016-9990 1 Ibm 1 Inotes 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824.
CVE-2016-9989 1 Ibm 1 Jazz Reporting Service 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120555.
CVE-2016-9988 1 Ibm 1 Jazz Reporting Service 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120554.
CVE-2016-9987 1 Ibm 1 Jazz Reporting Service 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553.
CVE-2016-9986 1 Ibm 1 Jazz Reporting Service 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552.
CVE-2016-9985 1 Ibm 1 Cognos Business Intelligence 2026-06-17 2.1 LOW 5.5 MEDIUM
IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.
CVE-2016-9984 1 Ibm 1 Maximo Asset Management 2026-06-17 6.5 MEDIUM 8.8 HIGH
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276.
CVE-2016-9983 1 Ibm 1 Sterling B2b Integrator 2026-06-17 3.5 LOW 5.3 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275.
CVE-2016-9982 1 Ibm 1 Sterling B2b Integrator 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274.
CVE-2016-9981 1 Ibm 1 Security Appscan 2026-06-17 6.8 MEDIUM 8.1 HIGH
IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257
CVE-2016-9980 1 Ibm 1 Curam Social Program Management 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256.
CVE-2016-9979 1 Ibm 1 Curam Social Program Management 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255.
CVE-2016-9978 1 Ibm 1 Curam Social Program Management 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254.