Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 8308 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8911 1 Ibm 1 Kenexa Lms On Cloud 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVE-2016-8232 1 Ibm 3 Advanced Management Module, Advanced Management Module Firmware, Bladecenter 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.
CVE-2016-6126 1 Ibm 1 Kenexa Lms On Cloud 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2016-6125 1 Ibm 1 Kenexa Lms On Cloud 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-6124 1 Ibm 1 Kenexa Lms On Cloud 2026-06-17 6.5 MEDIUM 8.8 HIGH
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-6123 1 Ibm 1 Kenexa Lms On Cloud 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-6122 1 Ibm 1 Kenexa Lms On Cloud 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.
CVE-2016-6121 1 Ibm 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383.
CVE-2016-6118 1 Ibm 1 Emptoris Strategic Supply Management 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118356.
CVE-2016-6117 1 Ibm 1 Security Key Lifecycle Manager 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information.
CVE-2016-6116 1 Ibm 1 Security Key Lifecycle Manager 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVE-2016-6115 1 Ibm 2 General Parallel File System, Spectrum Scale 2026-06-17 9.0 HIGH 7.2 HIGH
IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.
CVE-2016-6114 1 Ibm 1 Emptoris Sourcing 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352.
CVE-2016-6113 1 Ibm 2 Domino, Inotes 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-6112 1 Ibm 3 Distributed Marketing, Marketing Operations, Marketing Platform 2026-06-17 6.5 MEDIUM 8.8 HIGH
IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.
CVE-2016-6111 1 Ibm 1 Curam Social Program Management 2026-06-17 8.5 HIGH 9.1 CRITICAL
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833.
CVE-2016-6110 3 Ibm, Linux, Microsoft 4 Tivoli Storage Manager, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Linux Kernel and 1 more 2026-06-17 2.1 LOW 6.5 MEDIUM
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
CVE-2016-6105 1 Ibm 1 Security Key Lifecycle Manager 2026-06-17 6.4 MEDIUM 8.2 HIGH
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.
CVE-2016-6104 1 Ibm 1 Security Key Lifecycle Manager 2026-06-17 6.5 MEDIUM 7.2 HIGH
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.
CVE-2016-6103 1 Ibm 1 Security Key Lifecycle Manager 2026-06-17 6.8 MEDIUM 8.8 HIGH
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.