Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 8310 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5920 1 Ibm 1 Financial Transaction Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-5919 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 3 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.
CVE-2016-5918 2 Ibm, Microsoft 2 Tivoli Storage Manager For Space Management, Windows 2026-06-17 1.9 LOW 4.7 MEDIUM
IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed.
CVE-2016-5905 1 Ibm 1 Maximo Asset Management 2026-06-17 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-5902 1 Ibm 9 Maximo Asset Management, Maximo For Aviation, Maximo For Energy Optimization and 6 more 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-5901 1 Ibm 1 Business Process Manager 2026-06-17 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-5900 1 Ibm 1 Tealeaf Customer Experience On Cloud Network Capture Add-on 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVE-2016-5899 1 Ibm 1 Jazz Reporting Service 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-5898 1 Ibm 1 Jazz Reporting Service 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2016-5897 1 Ibm 1 Jazz Reporting Service 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVE-2016-5896 1 Ibm 6 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 3 more 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.
CVE-2016-5894 1 Ibm 1 Websphere Commerce 2026-06-17 1.9 LOW 5.1 MEDIUM
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408.
CVE-2016-5893 1 Ibm 1 Sterling B2b Integrator 2026-06-17 2.1 LOW 5.5 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336.
CVE-2016-5892 1 Ibm 2 B2b Advanced Communications, Multi-enterprise Integration Gateway 2026-06-17 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-5890 1 Ibm 1 Sterling B2b Integrator 2026-06-17 3.5 LOW 5.3 MEDIUM
IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors.
CVE-2016-5889 1 Ibm 1 Interact 2026-06-17 6.8 MEDIUM 8.8 HIGH
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 115085.
CVE-2016-5888 1 Ibm 1 Interact 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 115084.
CVE-2016-5884 1 Ibm 2 Domino, Inotes 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-5883 1 Ibm 1 Inotes 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010.
CVE-2016-5882 1 Ibm 2 Domino, Inotes 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.