Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 8310 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-6018 1 Ibm 1 Emptoris Contract Management 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738.
CVE-2016-6001 1 Ibm 1 Forms Experience Builder 2026-06-17 3.5 LOW 3.1 LOW
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.
CVE-2016-6000 1 Ibm 1 Tririga Application Platform 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-5997 1 Ibm 1 Tealeaf Customer Experience 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2016-5996 1 Ibm 1 Tealeaf Customer Experience 2026-06-17 5.0 MEDIUM 7.5 HIGH
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length restrictions, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2016-5995 3 Hp, Ibm, Linux 5 Hp-ux, Aix, Db2 and 2 more 2026-06-17 6.9 MEDIUM 7.3 HIGH
Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.
CVE-2016-5994 1 Ibm 1 Infosphere Information Server 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents.
CVE-2016-5992 1 Ibm 1 Sterling Connect\ 2026-06-17 1.9 LOW 2.5 LOW
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors.
CVE-2016-5991 1 Ibm 1 Sterling Connect\ 2026-06-17 4.4 MEDIUM 4.5 MEDIUM
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.
CVE-2016-5990 1 Ibm 1 Security Privileged Identity Manager 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server.
CVE-2016-5988 1 Ibm 1 Security Privileged Identity Manager 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user.
CVE-2016-5987 1 Ibm 1 Maximo Asset Management 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message.
CVE-2016-5986 1 Ibm 1 Websphere Application Server 2026-06-17 5.0 MEDIUM 7.5 HIGH
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-5985 1 Ibm 2 Aix, Tivoli Storage Manager 2026-06-17 7.2 HIGH 7.8 HIGH
The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash.
CVE-2016-5984 1 Ibm 2 Infosphere Information Server, Infosphere Information Server On Cloud 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks.
CVE-2016-5983 1 Ibm 1 Websphere Application Server 2026-06-17 6.5 MEDIUM 7.5 HIGH
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.
CVE-2016-5981 1 Ibm 2 Filenet Workplace, Filenet Workplace Xt 2026-06-17 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace (Application Engine) through 4.0.2.14-P8AE-IF001, when RegExpSecurityFilter and ScriptSecurityFilter are misconfigured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-5980 1 Ibm 1 Tririga Application Platform 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-5979 1 Ibm 1 Distributed Marketing 2026-06-17 4.0 MEDIUM 2.7 LOW
IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the new instance not accessible for the intended user. IBM X-Force ID: 116379.
CVE-2016-5978 1 Ibm 1 Tealeaf Customer Experience 2026-06-17 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5975.