Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 7423 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1297 3 Ibm, Linux, Microsoft 8 Data Server Client, Data Server Driver For Odbc And Cli, Data Server Driver Package and 5 more 2025-04-20 4.4 MEDIUM 7.3 HIGH
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.
CVE-2016-9693 1 Ibm 2 Business Process Manager, Websphere 2025-04-20 6.8 MEDIUM 6.1 MEDIUM
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655.
CVE-2017-1289 1 Ibm 1 Sdk 2025-04-20 6.4 MEDIUM 8.2 HIGH
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.
CVE-2016-2981 1 Ibm 1 Rational Collaborative Lifecycle Management 2025-04-20 2.1 LOW 6.8 MEDIUM
An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.
CVE-2016-8934 1 Ibm 1 Websphere Application Server 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2017-1379 1 Ibm 1 Api Connect 2025-04-20 5.0 MEDIUM 7.5 HIGH
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002.
CVE-2017-1099 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.
CVE-2017-1381 1 Ibm 1 Websphere Application Server 2025-04-20 2.1 LOW 3.3 LOW
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.
CVE-2016-9738 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-20 5.0 MEDIUM 7.5 HIGH
IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783.
CVE-2016-2979 1 Ibm 1 Sametime 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945.
CVE-2017-1550 1 Ibm 1 Sterling File Gateway 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. IBM X-Force ID: 131290.
CVE-2017-1309 1 Ibm 1 Infosphere Master Data Management Server 2025-04-20 2.1 LOW 7.8 HIGH
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463.
CVE-2017-1192 1 Ibm 1 Sterling B2b Integrator 2025-04-20 6.4 MEDIUM 8.2 HIGH
IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 123663.
CVE-2016-5882 1 Ibm 2 Domino, Inotes 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2017-1236 1 Ibm 1 Websphere Mq 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354
CVE-2016-0358 1 Ibm 1 Sametime 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928.
CVE-2017-1452 3 Ibm, Linux, Microsoft 4 Db2, Db2 Connect, Linux Kernel and 1 more 2025-04-20 7.2 HIGH 7.8 HIGH
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180.
CVE-2016-6033 1 Ibm 2 Tivoli Storage Flashcopy Manager For Vmware, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware 2025-04-20 6.8 MEDIUM 8.8 HIGH
IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995545.
CVE-2017-1295 1 Ibm 1 Rational Collaborative Lifecycle Management 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157.
CVE-2017-1336 1 Ibm 1 Infosphere Biginsights 2025-04-20 3.6 LOW 4.4 MEDIUM
IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244.