Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 8310 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-3028 1 Ibm 2 Security Access Manager, Security Access Manager For Web 2026-06-17 9.0 HIGH 9.1 CRITICAL
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
CVE-2016-3027 1 Ibm 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more 2026-06-17 5.5 MEDIUM 6.5 MEDIUM
IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.
CVE-2016-3025 1 Ibm 2 Security Access Manager, Security Access Manager For Mobile 2026-06-17 5.0 MEDIUM 8.1 HIGH
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
CVE-2016-3024 1 Ibm 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more 2026-06-17 2.1 LOW 4.0 MEDIUM
IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system.
CVE-2016-3023 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names.
CVE-2016-3022 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions.
CVE-2016-3021 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more 2026-06-17 4.0 MEDIUM 2.7 LOW
IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.
CVE-2016-3020 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 3 more 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content.
CVE-2016-3019 1 Ibm 1 Security Access Manager 9.0 Firmware 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462.
CVE-2016-3018 1 Ibm 3 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-3017 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations.
CVE-2016-3016 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more 2026-06-17 3.5 LOW 4.4 MEDIUM
IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.
CVE-2016-3015 1 Ibm 1 Cognos Analytics 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887.
CVE-2016-3014 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2026-06-17 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-3013 1 Ibm 1 Websphere Mq 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.
CVE-2016-3012 1 Ibm 2 Api Connect, Network Path Manager 2026-06-17 5.0 MEDIUM 7.5 HIGH
IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials.
CVE-2016-3010 1 Ibm 1 Connections 2026-06-17 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-2997, and CVE-2016-3005.
CVE-2016-3009 1 Ibm 1 Connections 2026-06-17 3.5 LOW 3.5 LOW
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page.
CVE-2016-3008 1 Ibm 1 Connections 2026-06-17 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-2956.
CVE-2016-3007 1 Ibm 1 Connections 2026-06-17 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users.