Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 8310 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8934 1 Ibm 1 Websphere Application Server 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-8933 1 Ibm 1 Kenexa Lms 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.
CVE-2016-8932 1 Ibm 1 Kenexa Lms 2026-06-17 6.5 MEDIUM 8.8 HIGH
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-8931 1 Ibm 1 Kenexa Lms 2026-06-17 6.5 MEDIUM 8.8 HIGH
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-8930 1 Ibm 1 Kenexa Lms 2026-06-17 6.5 MEDIUM 7.6 HIGH
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-8929 1 Ibm 1 Kenexa Lms 2026-06-17 5.5 MEDIUM 5.4 MEDIUM
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-8928 1 Ibm 1 Kenexa Lms 2026-06-17 6.5 MEDIUM 7.6 HIGH
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-8927 1 Ibm 1 Tivoli Application Dependency Discovery Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540.
CVE-2016-8926 1 Ibm 1 Tivoli Application Dependency Discovery Manager 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539.
CVE-2016-8925 1 Ibm 1 Tivoli Application Dependency Discovery Manager 2026-06-17 6.8 MEDIUM 6.5 MEDIUM
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538.
CVE-2016-8924 1 Ibm 1 Maximo Asset Management 2026-06-17 4.3 MEDIUM 5.6 MEDIUM
IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537.
CVE-2016-8923 1 Ibm 1 Curam Social Program Management 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536.
CVE-2016-8922 1 Ibm 2 Web Content Manager Production Analytics, Websphere Portal 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-8921 1 Ibm 1 Filenet Workplace Xt 2026-06-17 6.5 MEDIUM 8.8 HIGH
IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-8920 1 Ibm 1 Kenexa Lms On Cloud 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-8919 1 Ibm 1 Websphere Application Server 2026-06-17 7.8 HIGH 7.5 HIGH
IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.
CVE-2016-8918 1 Ibm 1 Integration Bus 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.
CVE-2016-8917 1 Ibm 1 Sterling Selling And Fulfillment Foundation 2026-06-17 6.8 MEDIUM 8.8 HIGH
IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943.
CVE-2016-8916 1 Ibm 1 Tivoli Storage Manager 2026-06-17 2.1 LOW 5.5 MEDIUM
IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.
CVE-2016-8915 1 Ibm 1 Websphere Mq 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649.