Filtered by vendor Ibm
Subscribe
Total
8310 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0363 | 3 Ibm, Novell, Redhat | 13 Java Sdk, Suse Linux Enterprise Module For Legacy Software, Suse Linux Enterprise Server and 10 more | 2026-06-17 | 6.8 MEDIUM | 8.1 HIGH |
| The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009. | |||||
| CVE-2016-0362 | 1 Ibm | 1 Tririga Application Platform | 2026-06-17 | 4.0 MEDIUM | 7.7 HIGH |
| IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, via a crafted proxy request to a web service. | |||||
| CVE-2016-0361 | 1 Ibm | 1 General Parallel File System | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by discovering ADMIN passwords. | |||||
| CVE-2016-0360 | 1 Ibm | 1 Websphere Mq Jms | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457. | |||||
| CVE-2016-0359 | 1 Ibm | 1 Websphere Application Server | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | |||||
| CVE-2016-0358 | 1 Ibm | 1 Sametime | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928. | |||||
| CVE-2016-0357 | 1 Ibm | 1 Security Identity Manager Adapter | 2026-06-17 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2016-0356 | 1 Ibm | 1 Sametime | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895. | |||||
| CVE-2016-0355 | 1 Ibm | 1 Sametime | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894. | |||||
| CVE-2016-0354 | 1 Ibm | 1 Sametime | 2026-06-17 | 6.0 MEDIUM | 5.5 MEDIUM |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893. | |||||
| CVE-2016-0353 | 1 Ibm | 1 Security Privileged Identity Manager | 2026-06-17 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2016-0351 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2026-06-17 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890. | |||||
| CVE-2016-0350 | 1 Ibm | 1 Jazz Reporting Service | 2026-06-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0313. | |||||
| CVE-2016-0349 | 1 Ibm | 1 Business Process Manager | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call. | |||||
| CVE-2016-0348 | 1 Ibm | 1 Tririga Application Platform | 2026-06-17 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813. | |||||
| CVE-2016-0346 | 1 Ibm | 1 Cognos Business Intelligence | 2026-06-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-0345 | 1 Ibm | 1 Tririga Application Platform | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain the installation path via vectors involving Birt report rendering. IBM X-Force ID: 111786. | |||||
| CVE-2016-0344 | 1 Ibm | 1 Tririga Application Platform | 2026-06-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the My Reports component in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111785. | |||||
| CVE-2016-0343 | 1 Ibm | 1 Tririga Application Platform | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 111784. | |||||
| CVE-2016-0342 | 1 Ibm | 1 Tririga Application Platform | 2026-06-17 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. IBM X-Force ID: 111783. | |||||
