Filtered by vendor Ibm
Subscribe
Total
8223 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4963 | 1 Ibm | 1 Security Access Manager For Web | 2026-05-06 | 7.5 HIGH | N/A |
| IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | |||||
| CVE-2013-3982 | 1 Ibm | 1 Sametime | 2026-05-06 | 5.0 MEDIUM | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page. | |||||
| CVE-2015-1930 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2026-05-06 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965. | |||||
| CVE-2015-7817 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2026-05-06 | 7.1 HIGH | N/A |
| Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443. | |||||
| CVE-2016-2963 | 1 Ibm | 1 Bigfix Remote Control | 2026-05-06 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2014-4769 | 1 Ibm | 1 Websphere Commerce | 2026-05-06 | 4.0 MEDIUM | N/A |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-0144 | 1 Ibm | 1 Openpages Grc Platform | 2026-05-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916. | |||||
| CVE-2016-5905 | 1 Ibm | 1 Maximo Asset Management | 2026-05-06 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-2945 | 1 Ibm | 1 Websphere Application Server | 2026-05-06 | 6.0 MEDIUM | 7.5 HIGH |
| The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document. | |||||
| CVE-2016-2869 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2026-05-06 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML via crafted fields in a URL. | |||||
| CVE-2016-3039 | 1 Ibm | 1 Traveler | 2026-05-06 | 8.5 HIGH | 8.1 HIGH |
| IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-2961 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2026-05-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace. | |||||
| CVE-2014-4835 | 1 Ibm | 3 Serverguide, Toolscenter Suite, Updatexpress System Packs Installer | 2026-05-06 | 2.1 LOW | N/A |
| IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2015-4990 | 1 Ibm | 1 Tealeaf Customer Experience | 2026-05-06 | 1.9 LOW | 4.0 MEDIUM |
| The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges during an unspecified connection type. | |||||
| CVE-2015-5037 | 1 Ibm | 1 Connections | 2026-05-06 | 6.8 MEDIUM | 5.4 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2016-0387 | 1 Ibm | 1 Tririga Application Platform | 2026-05-06 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883. | |||||
| CVE-2014-6171 | 1 Ibm | 1 Websphere Portal | 2026-05-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-0879 | 1 Ibm | 1 Datacap Taskmaster Capture | 2026-05-06 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Taskmaster Capture ActiveX control in IBM Datacap Taskmaster Capture 8.0.1, and 8.1 before FP2, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-0958 | 1 Ibm | 1 Websphere Portal | 2026-05-06 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2014-4810 | 1 Ibm | 1 Cognos Mobile | 2026-05-06 | 4.3 MEDIUM | N/A |
| IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff. | |||||