Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 8310 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5009 1 Ibm 1 Websphere Commerce 2026-06-17 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-5008 1 Ibm 1 Websphere Commerce 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-5007 1 Ibm 1 Websphere Commerce 2026-06-17 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2015-5006 3 Ibm, Redhat, Suse 9 Java 2 Sdk, Java Sdk, Enterprise Linux Desktop and 6 more 2026-06-17 2.1 LOW N/A
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.
CVE-2015-5005 1 Ibm 2 Aix, Powerha System Mirror 2026-06-17 8.5 HIGH N/A
CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an "su root" action by leveraging presence on the cluster-wide password-change list.
CVE-2015-5004 1 Ibm 1 Websphere Application Server 2026-06-17 4.0 MEDIUM N/A
The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2015-5003 1 Ibm 1 Tivoli Monitoring 2026-06-17 8.5 HIGH 8.5 HIGH
The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input.
CVE-2015-5002 1 Ibm 1 Host On-demand 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 through 11.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-5001 1 Ibm 1 Websphere Portal 2026-06-17 6.8 MEDIUM 4.3 MEDIUM
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document.
CVE-2015-4998 1 Ibm 1 Websphere Portal 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4993.
CVE-2015-4997 1 Ibm 1 Websphere Portal 2026-06-17 6.8 MEDIUM N/A
IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request.
CVE-2015-4996 1 Ibm 1 Rational Clearquest 2026-06-17 3.6 LOW 5.1 MEDIUM
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.
CVE-2015-4994 1 Ibm 1 Domino 2026-06-17 7.5 HIGH N/A
Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-5040.
CVE-2015-4993 1 Ibm 1 Websphere Portal 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4998.
CVE-2015-4992 1 Ibm 1 Sterling B2b Integrator 2026-06-17 3.5 LOW N/A
IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.
CVE-2015-4991 1 Ibm 1 Spss Modeler 2026-06-17 2.1 LOW 4.0 MEDIUM
IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows local users to obtain sensitive information by reading a dump file.
CVE-2015-4990 1 Ibm 1 Tealeaf Customer Experience 2026-06-17 1.9 LOW 4.0 MEDIUM
The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges during an unspecified connection type.
CVE-2015-4989 1 Ibm 1 Tealeaf Customer Experience 2026-06-17 5.0 MEDIUM 3.7 LOW
The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an internal chart name.
CVE-2015-4988 1 Ibm 1 Tealeaf Customer Experience 2026-06-17 7.8 HIGH 8.6 HIGH
Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2015-4987 1 Ibm 1 Tealeaf Customer Experience 2026-06-17 6.4 MEDIUM 6.5 MEDIUM
The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896.