Filtered by vendor Ibm
Subscribe
Total
7797 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1339 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-20 | 2.1 LOW | 4.4 MEDIUM |
| IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247. | |||||
| CVE-2016-8948 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835. | |||||
| CVE-2017-1461 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128460. | |||||
| CVE-2017-1494 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692. | |||||
| CVE-2017-1320 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732. | |||||
| CVE-2016-9717 | 1 Ibm | 1 Infosphere Master Data Management Server | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited. | |||||
| CVE-2017-1304 | 1 Ibm | 1 Elastic Storage Server | 2025-04-20 | 4.6 MEDIUM | 6.2 MEDIUM |
| IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a write to a Spectrum Scale file. This vulnerability may result in the use of an incorrect memory address, leading to a Spectrum Scale/GPFS daemon failure with a Signal 11, and possibly leading to denial of service or undetected data corruption. IBM X-Force ID: 125458. | |||||
| CVE-2016-6110 | 3 Ibm, Linux, Microsoft | 4 Tivoli Storage Manager, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Linux Kernel and 1 more | 2025-04-20 | 2.1 LOW | 6.5 MEDIUM |
| IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. | |||||
| CVE-2017-1549 | 1 Ibm | 1 Sterling File Gateway | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289. | |||||
| CVE-2016-0210 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response. | |||||
| CVE-2017-1340 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 4.0 MEDIUM | 5.0 MEDIUM |
| IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455. | |||||
| CVE-2017-1504 | 1 Ibm | 1 Websphere Application Server | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579. | |||||
| CVE-2017-1444 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110. | |||||
| CVE-2016-8941 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2016-2941 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user. | |||||
| CVE-2017-3744 | 2 Ibm, Lenovo | 47 Bladecenter Hs22, Bladecenter Hs23, Bladecenter Hs23e and 44 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands. | |||||
| CVE-2016-0355 | 1 Ibm | 1 Sametime | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894. | |||||
| CVE-2016-8929 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
| CVE-2017-1257 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684. | |||||
| CVE-2016-5883 | 1 Ibm | 1 Inotes | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010. | |||||