Filtered by vendor Ibm
Subscribe
Total
7404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5897 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||||
| CVE-2016-9982 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274. | |||||
| CVE-2016-5953 | 1 Ibm | 1 Sterling Selling And Fulfillment Foundation | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL. | |||||
| CVE-2016-2966 | 1 Ibm | 1 Sametime | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847. | |||||
| CVE-2016-9976 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-20 | 6.8 MEDIUM | 8.4 HIGH |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252. | |||||
| CVE-2017-1106 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744. | |||||
| CVE-2017-1193 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667. | |||||
| CVE-2017-1424 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477. | |||||
| CVE-2017-1370 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863. | |||||
| CVE-2017-1096 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120656. | |||||
| CVE-2017-1490 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 3.5 LOW | 5.3 MEDIUM |
| An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. | |||||
| CVE-2016-5933 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-20 | 4.9 MEDIUM | 4.6 MEDIUM |
| IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223. | |||||
| CVE-2017-1439 | 3 Ibm, Linux, Microsoft | 4 Db2, Db2 Connect, Linux Kernel and 1 more | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058. | |||||
| CVE-2017-1234 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123913. | |||||
| CVE-2016-5932 | 1 Ibm | 1 Connections | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294. | |||||
| CVE-2016-0356 | 1 Ibm | 1 Sametime | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895. | |||||
| CVE-2017-1310 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569. | |||||
| CVE-2017-1199 | 1 Ibm | 1 Infosphere Master Data Management Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123674. | |||||
| CVE-2017-1104 | 1 Ibm | 1 Rational Quality Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120666. | |||||
| CVE-2016-8931 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||