Filtered by vendor Ibm
Subscribe
Total
8223 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5023 | 1 Ibm | 1 Curam Social Program Management | 2026-05-06 | 6.5 MEDIUM | 5.4 MEDIUM |
| SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-5006 | 3 Ibm, Redhat, Suse | 9 Java 2 Sdk, Java Sdk, Enterprise Linux Desktop and 6 more | 2026-05-06 | 2.1 LOW | N/A |
| IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache. | |||||
| CVE-2014-3058 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance Firmware | 2026-05-06 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2014-0877 | 1 Ibm | 1 Cognos Tm1 | 2026-05-06 | 5.0 MEDIUM | N/A |
| IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link. | |||||
| CVE-2011-1381 | 1 Ibm | 1 Openpages Grc Platform | 2026-05-06 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2015-4932 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2026-05-06 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935. | |||||
| CVE-2016-0372 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2026-05-06 | 4.3 MEDIUM | 3.7 LOW |
| IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2016-0381 | 1 Ibm | 1 Cognos Tm1 | 2026-05-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service (configuration outage) via a non-empty value. | |||||
| CVE-2015-0149 | 1 Ibm | 1 Api Management | 2026-05-06 | 5.5 MEDIUM | N/A |
| The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls. | |||||
| CVE-2015-1937 | 1 Ibm | 1 Powervc | 2026-05-06 | 7.5 HIGH | N/A |
| IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017. | |||||
| CVE-2014-0921 | 1 Ibm | 2 Messagesight, Messagesight Jms Client | 2026-05-06 | 4.3 MEDIUM | N/A |
| The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon crash and message data loss) via malformed headers during a WebSockets connection upgrade. | |||||
| CVE-2016-0338 | 1 Ibm | 1 Security Identity Manager Adapter | 2026-05-06 | 2.1 LOW | 6.2 MEDIUM |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2) examining a process. | |||||
| CVE-2013-3998 | 1 Ibm | 1 Infosphere Biginsights | 2026-05-06 | 3.5 LOW | N/A |
| CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2015-1920 | 1 Ibm | 1 Websphere Application Server | 2026-05-06 | 10.0 HIGH | N/A |
| IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session. | |||||
| CVE-2015-3316 | 6 Broadcom, Ca, Hp and 3 more | 11 Network And Systems Management, Client Automation, Network And Systems Management and 8 more | 2026-05-06 | 4.6 MEDIUM | N/A |
| CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable. | |||||
| CVE-2016-0375 | 1 Ibm | 1 Messagesight | 2026-05-06 | 9.0 HIGH | 8.8 HIGH |
| JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1.2.0.3, and 2.0.x through 2.0.0.0 allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors. | |||||
| CVE-2015-1987 | 1 Ibm | 1 Websphere Mq Light | 2026-05-06 | 7.8 HIGH | N/A |
| IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1958. | |||||
| CVE-2016-5944 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2026-05-06 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. | |||||
| CVE-2013-6315 | 1 Ibm | 2 Enterprise Records, Infosphere Enterprise Records | 2026-05-06 | 4.3 MEDIUM | N/A |
| IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 do not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2014-0924 | 1 Ibm | 2 Messagesight, Messagesight Jms Client | 2026-05-06 | 4.6 MEDIUM | N/A |
| IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify that all of the characters of a password are correct, which makes it easier for remote authenticated users to bypass intended access restrictions by leveraging knowledge of a password substring. | |||||