Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 8308 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8987 1 Ibm 1 Maximo Asset Management 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view.
CVE-2016-8986 1 Ibm 1 Websphere Mq 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.
CVE-2016-8982 1 Ibm 1 Infosphere Datastage 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
CVE-2016-8981 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Bigfix Inventory and 4 more 2026-06-17 2.1 LOW 5.5 MEDIUM
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.
CVE-2016-8980 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Bigfix Inventory and 4 more 2026-06-17 7.5 HIGH 8.1 HIGH
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.
CVE-2016-8977 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Bigfix Inventory and 4 more 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.
CVE-2016-8975 1 Ibm 1 Rhapsody Design Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912.
CVE-2016-8974 1 Ibm 1 Rational Rhapsody Design Manager 2026-06-17 7.5 HIGH 8.1 HIGH
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798.
CVE-2016-8973 1 Ibm 1 Rational Rhapsody Design Manager 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960.
CVE-2016-8972 1 Ibm 2 Aix, Vios 2026-06-17 7.2 HIGH 7.8 HIGH
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.
CVE-2016-8971 1 Ibm 1 Websphere Mq 2026-06-17 6.8 MEDIUM 6.5 MEDIUM
IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.
CVE-2016-8968 1 Ibm 1 Rational Collaborative Lifecycle Management 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515.
CVE-2016-8967 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Bigfix Inventory and 4 more 2026-06-17 2.1 LOW 5.5 MEDIUM
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.
CVE-2016-8966 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Bigfix Inventory and 4 more 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVE-2016-8964 1 Ibm 2 Bigfix Inventory, License Metric Tool 2026-06-17 5.0 MEDIUM 9.8 CRITICAL
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853.
CVE-2016-8963 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Bigfix Inventory and 4 more 2026-06-17 2.1 LOW 5.5 MEDIUM
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.
CVE-2016-8962 1 Ibm 1 Bigfix Inventory 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851.
CVE-2016-8961 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Bigfix Inventory and 4 more 2026-06-17 5.8 MEDIUM 6.1 MEDIUM
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
CVE-2016-8960 1 Ibm 1 Cognos Business Intelligence 2026-06-17 6.5 MEDIUM 8.8 HIGH
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference #: 1993718.
CVE-2016-8954 1 Ibm 1 Dashdb Local 2026-06-17 7.5 HIGH 9.8 CRITICAL
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.