Filtered by vendor Ibm
Subscribe
Total
7797 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1353 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2025-04-20 | 3.5 LOW | 3.5 LOW |
| IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680. | |||||
| CVE-2017-1302 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. IBM X-Force ID: 125456. | |||||
| CVE-2016-9972 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 120208. | |||||
| CVE-2017-1349 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525. | |||||
| CVE-2017-1521 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129831. | |||||
| CVE-2016-6065 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. | |||||
| CVE-2017-1498 | 1 Ibm | 1 Connections | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020. | |||||
| CVE-2016-0360 | 1 Ibm | 1 Websphere Mq Jms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457. | |||||
| CVE-2016-9979 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255. | |||||
| CVE-2016-6099 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. | |||||
| CVE-2017-1445 | 1 Ibm | 1 Emptoris Spend Analysis | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170. | |||||
| CVE-2016-5918 | 2 Ibm, Microsoft | 2 Tivoli Storage Manager For Space Management, Windows | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
| IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed. | |||||
| CVE-2017-1548 | 1 Ibm | 1 Sterling File Gateway | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288. | |||||
| CVE-2017-1219 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 5.5 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859. | |||||
| CVE-2017-1495 | 1 Ibm | 1 Infosphere Information Server | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. IBM X-Force ID: 128693. | |||||
| CVE-2017-1183 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-20 | 5.4 MEDIUM | 7.5 HIGH |
| IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494. | |||||
| CVE-2016-0394 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. | |||||
| CVE-2017-1131 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375. | |||||
| CVE-2017-1326 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060. | |||||
| CVE-2016-2971 | 1 Ibm | 1 Sametime | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898. | |||||