Filtered by vendor Ibm
Subscribe
Total
7368 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8932 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||
| CVE-2016-3037 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-20 | 3.5 LOW | 5.7 MEDIUM |
| IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613. | |||||
| CVE-2017-1522 | 1 Ibm | 1 Content Navigator | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129832. | |||||
| CVE-2017-1197 | 1 Ibm | 1 Bigfix Security Compliance Analytics | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672. | |||||
| CVE-2016-0296 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. | |||||
| CVE-2016-2970 | 1 Ibm | 1 Sametime | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851. | |||||
| CVE-2016-6112 | 1 Ibm | 3 Distributed Marketing, Marketing Operations, Marketing Platform | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282. | |||||
| CVE-2014-8903 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. | |||||
| CVE-2016-5988 | 1 Ibm | 1 Security Privileged Identity Manager | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. | |||||
| CVE-2017-1458 | 1 Ibm | 1 Qradar Network Security | 2025-04-20 | 5.5 MEDIUM | 8.1 HIGH |
| IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377. | |||||
| CVE-2016-8962 | 1 Ibm | 1 Bigfix Inventory | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851. | |||||
| CVE-2017-1308 | 1 Ibm | 1 Daeja Viewone | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462. | |||||
| CVE-2016-8921 | 1 Ibm | 1 Filenet Workplace Xt | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||
| CVE-2017-1503 | 1 Ibm | 1 Websphere Application Server | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. | |||||
| CVE-2017-1318 | 1 Ibm | 1 Mq Appliance | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. | |||||
| CVE-2016-9977 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253. | |||||
| CVE-2016-9990 | 1 Ibm | 1 Inotes | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824. | |||||
| CVE-2017-1305 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125459. | |||||
| CVE-2017-1362 | 1 Ibm | 1 Security Identity Manager | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801. | |||||
| CVE-2017-1382 | 1 Ibm | 1 Websphere Application Server | 2025-04-20 | 3.6 LOW | 7.1 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153. | |||||