Filtered by vendor Ibm
Subscribe
Total
7370 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1549 | 1 Ibm | 1 Rational Quality Manager | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 142658. | |||||
| CVE-2018-1548 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 142657. | |||||
| CVE-2018-1547 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-11-21 | 5.1 MEDIUM | 8.0 HIGH |
| IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651. | |||||
| CVE-2018-1546 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650. | |||||
| CVE-2018-1545 | 2 Apple, Ibm | 3 Macos, Spectrum Protect Client, Spectrum Protect For Virtual Environments | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649. | |||||
| CVE-2018-1544 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648. | |||||
| CVE-2018-1543 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598. | |||||
| CVE-2018-1542 | 1 Ibm | 2 Content Foundation, Filenet Content Manager | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 142597. | |||||
| CVE-2018-1541 | 1 Ibm | 1 Websphere Commerce | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142596. | |||||
| CVE-2018-1539 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2024-11-21 | 6.4 MEDIUM | 5.4 MEDIUM |
| IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561. | |||||
| CVE-2018-1536 | 1 Ibm | 2 Rational Rhapsody Design Manager, Rational Software Architect Design Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142558. | |||||
| CVE-2018-1535 | 1 Ibm | 2 Rational Rhapsody Design Manager, Rational Software Architect Design Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124557. | |||||
| CVE-2018-1532 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430. | |||||
| CVE-2018-1529 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142291. | |||||
| CVE-2018-1528 | 1 Ibm | 8 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 5 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290. | |||||
| CVE-2018-1525 | 1 Ibm | 1 I2 Enterprise Insight Analysis | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142117. | |||||
| CVE-2018-1524 | 1 Ibm | 8 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116. | |||||
| CVE-2018-1523 | 1 Ibm | 1 Rational Quality Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141804. | |||||
| CVE-2018-1522 | 1 Ibm | 1 Rational Quality Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141803. | |||||
| CVE-2018-1521 | 1 Ibm | 1 Rational Team Concert | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141802. | |||||