Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 8310 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0209 1 Ibm 1 Websphere Portal 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-0208 1 Ibm 1 Websphere Commerce 2026-06-17 4.3 MEDIUM 3.7 LOW
IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors.
CVE-2016-0207 1 Ibm 1 Algo Risk Application 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM X-Force ID: 109399.
CVE-2016-0206 1 Ibm 1 Cloud Orchestrator 2026-06-17 2.1 LOW 3.3 LOW
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.
CVE-2016-0205 1 Ibm 1 Cloud Orchestrator 2026-06-17 2.1 LOW 3.3 LOW
A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could allow an attacker after authentication to enumerate valid users of the system. IBM X-Force ID: 109394.
CVE-2016-0204 1 Ibm 1 Cloud Orchestrator 2026-06-17 5.8 MEDIUM 6.8 MEDIUM
Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-0203 1 Ibm 2 Cloud Orchestrator, Smartcloud Orchestrator 2026-06-17 2.1 LOW 5.5 MEDIUM
A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to.
CVE-2016-0202 1 Ibm 1 Cloud Orchestrator 2026-06-17 2.1 LOW 3.3 LOW
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain.
CVE-2016-0201 1 Ibm 1 Security Network Protection Firmware 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision.
CVE-2015-9281 6 Hpe, Ibm, Linux and 3 more 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page.
CVE-2015-8531 1 Ibm 2 Security Access Manager 9.0 Firmware, Security Access Manager For Web 8.0 Firmware 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-8530 1 Ibm 1 Spss Statistics 2026-06-17 6.0 MEDIUM 6.5 MEDIUM
Stack-based buffer overflow in the Initialize function in an ActiveX control in IBM SPSS Statistics 19 and 20 before 20.0.0.2-IF0008, 21 before 21.0.0.2-IF0010, 22 before 22.0.0.2-IF0011, 23 before 23.0.0.3-IF0001, and 24 before 24.0.0.0-IF0003 allows remote authenticated users to execute arbitrary code via a long argument.
CVE-2015-8524 1 Ibm 1 Business Process Manager 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-8523 1 Ibm 1 Tivoli Storage Manager Fastback 2026-06-17 5.0 MEDIUM 7.5 HIGH
The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port.
CVE-2015-8522 1 Ibm 1 Tivoli Storage Manager Fastback 2026-06-17 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8521.
CVE-2015-8521 1 Ibm 1 Tivoli Storage Manager Fastback 2026-06-17 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522.
CVE-2015-8520 1 Ibm 1 Tivoli Storage Manager Fastback 2026-06-17 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8521, and CVE-2015-8522.
CVE-2015-8519 1 Ibm 1 Tivoli Storage Manager Fastback 2026-06-17 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8520, CVE-2015-8521, and CVE-2015-8522.
CVE-2015-7820 2 Ibm, Lenovo 2 System Networking Switch Center, Switch Center 2026-06-17 7.1 HIGH N/A
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.
CVE-2015-7819 2 Ibm, Lenovo 2 System Networking Switch Center, Switch Center 2026-06-17 5.0 MEDIUM N/A
The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password.