Filtered by vendor Ibm
Subscribe
Total
8310 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5977 | 1 Ibm | 1 Tealeaf Customer Experience | 2026-06-17 | 4.9 MEDIUM | 6.8 MEDIUM |
| Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2016-5976 | 1 Ibm | 1 Tealeaf Customer Experience | 2026-06-17 | 2.6 LOW | 4.9 MEDIUM |
| The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors. | |||||
| CVE-2016-5975 | 1 Ibm | 1 Tealeaf Customer Experience | 2026-06-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5978. | |||||
| CVE-2016-5974 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2026-06-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. | |||||
| CVE-2016-5972 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2026-06-17 | 4.9 MEDIUM | 6.8 MEDIUM |
| IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2016-5971 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2026-06-17 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-5970 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. | |||||
| CVE-2016-5968 | 1 Ibm | 1 Tealeaf Customer Experience | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors. | |||||
| CVE-2016-5967 | 1 Ibm | 1 Rational Asset Analyzer | 2026-06-17 | 2.1 LOW | 5.5 MEDIUM |
| The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs. | |||||
| CVE-2016-5966 | 1 Ibm | 1 Security Privileged Identity Manager | 2026-06-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2016-5964 | 1 Ibm | 1 Security Privileged Identity Manager | 2026-06-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | |||||
| CVE-2016-5963 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-5960 | 1 Ibm | 1 Security Privileged Identity Manager | 2026-06-17 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 116171. | |||||
| CVE-2016-5959 | 1 Ibm | 1 Security Privileged Identity Manager | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 116136. | |||||
| CVE-2016-5958 | 1 Ibm | 1 Security Privileged Identity Manager | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. | |||||
| CVE-2016-5957 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm. | |||||
| CVE-2016-5955 | 1 Ibm | 1 Rational Doors Next Generation | 2026-06-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-5954 | 1 Ibm | 1 Websphere Portal | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files. | |||||
| CVE-2016-5953 | 1 Ibm | 1 Sterling Selling And Fulfillment Foundation | 2026-06-17 | 4.3 MEDIUM | 3.7 LOW |
| IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL. | |||||
| CVE-2016-5952 | 1 Ibm | 1 Kenexa Lcms Premier | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
