Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 8308 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-9977 1 Ibm 2 Maximo Asset Management, Maximo Asset Management Essentials 2026-06-17 6.5 MEDIUM 8.8 HIGH
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253.
CVE-2016-9976 1 Ibm 2 Maximo Asset Management, Maximo Asset Management Essentials 2026-06-17 6.8 MEDIUM 8.4 HIGH
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.
CVE-2016-9975 1 Ibm 2 Dashboard Application Services Hub, Jazz For Service Management 2026-06-17 6.8 MEDIUM 8.8 HIGH
IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714.
CVE-2016-9973 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.
CVE-2016-9972 1 Ibm 1 Qradar Security Information And Event Manager 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 120208.
CVE-2016-9879 2 Ibm, Vmware 2 Websphere Application Server, Spring Security 2026-06-17 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.
CVE-2016-9795 6 Broadcom, Ca, Hp and 3 more 10 Ca Workload Automation Ae, Client Automation, Systemedge and 7 more 2026-06-17 7.2 HIGH 7.8 HIGH
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.
CVE-2016-9750 1 Ibm 1 Qradar Security Information And Event Manager 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207.
CVE-2016-9749 1 Ibm 1 Campaign 2026-06-17 2.1 LOW 4.0 MEDIUM
IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206.
CVE-2016-9748 1 Ibm 2 Rational Doors Next Generation, Rational Requirements Composer 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system.
CVE-2016-9747 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Engineering Lifecycle Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-9746 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Team Concert 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119821.
CVE-2016-9740 1 Ibm 1 Qradar Security Information And Event Manager 2026-06-17 7.8 HIGH 7.5 HIGH
IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556.
CVE-2016-9739 1 Ibm 1 Security Identity Manager 2026-06-17 2.1 LOW 7.8 HIGH
IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user.
CVE-2016-9738 1 Ibm 1 Qradar Security Information And Event Manager 2026-06-17 5.0 MEDIUM 7.5 HIGH
IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783.
CVE-2016-9737 1 Ibm 1 Tririga Application Platform 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200.
CVE-2016-9736 1 Ibm 1 Websphere Application Server 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information.
CVE-2016-9735 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,
CVE-2016-9733 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Team Concert 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762.
CVE-2016-9732 1 Ibm 1 Curam Social Program Management 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761.