Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5003 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-12 | 8.5 HIGH | 8.5 HIGH |
|
The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input.
|
|||||
| CVE-2015-5019 | 1 Ibm | 2 Sterling B2b Integrator, Sterling Integrator | 2025-04-12 | 5.5 MEDIUM | N/A |
|
IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement.
|
|||||
| CVE-2014-8920 | 1 Ibm | 1 I Access | 2025-04-12 | 7.2 HIGH | N/A |
|
Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors.
|
|||||
| CVE-2016-0365 | 1 Ibm | 1 Urbancode Deploy | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
|
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors.
|
|||||
| CVE-2014-0944 | 1 Ibm | 1 Operational Decision Manager | 2025-04-12 | 6.0 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
|
|||||
| CVE-2014-4807 | 1 Ibm | 1 Sterling Selling And Fulfillment Foundation | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.
|
|||||
| CVE-2016-0650 | 6 Debian, Ibm, Mariadb and 3 more | 7 Debian Linux, Powerkvm, Mariadb and 4 more | 2025-04-12 | 4.0 MEDIUM | 5.5 MEDIUM |
|
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.
|
|||||
| CVE-2014-6086 | 1 Ibm | 2 Security Access Manager For Mobile, Security Access Manager For Web | 2025-04-12 | 5.0 MEDIUM | N/A |
|
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session.
|
|||||
| CVE-2016-3056 | 1 Ibm | 1 Business Process Manager | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content.
|
|||||
| CVE-2016-0266 | 1 Ibm | 2 Aix, Vios | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
|
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2016-0379 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 3.5 LOW | 3.1 LOW |
|
IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights.
|
|||||
| CVE-2014-4763 | 1 Ibm | 2 Filenet Content Foundation, Filenet Content Manager | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2015-1902 | 1 Ibm | 1 Domino | 2025-04-12 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA.
|
|||||
| CVE-2014-0880 | 1 Ibm | 12 Flex System V7000, Flex System V7000 Software, San Volume Controller and 9 more | 2025-04-12 | 7.5 HIGH | N/A |
|
IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to the administrative IP address.
|
|||||
| CVE-2014-0884 | 1 Ibm | 1 Lotus Protector For Mail Security | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-6119 | 1 Ibm | 2 Security Appscan, Security Appscan Source | 2025-04-12 | 9.3 HIGH | N/A |
|
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an archive.
|
|||||
| CVE-2016-0341 | 1 Ibm | 2 B2b Advanced Communications, Multi-enterprise Integration Gateway | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network.
|
|||||
| CVE-2014-4824 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-4771 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 3.5 LOW | N/A |
|
IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query.
|
|||||
| CVE-2014-3094 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2025-04-12 | 8.5 HIGH | N/A |
|
Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement.
|
|||||
| CVE-2015-4944 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2014-6077 | 1 Ibm | 2 Security Access Manager For Mobile, Security Access Manager For Web | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
|
|||||
| CVE-2015-5051 | 1 Ibm | 9 Maximo Asset Management, Maximo Asset Management Essentials, Maximo For Government and 6 more | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.
|
|||||
| CVE-2015-4990 | 1 Ibm | 1 Tealeaf Customer Experience | 2025-04-12 | 1.9 LOW | 4.0 MEDIUM |
|
The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges during an unspecified connection type.
|
|||||
| CVE-2014-3080 | 1 Ibm | 2 Global Console Manager 16 Firmware, Global Console Manager 32 Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php.
|
|||||
| CVE-2015-1947 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-12 | 6.9 MEDIUM | 7.4 HIGH |
|
Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program.
|
|||||
| CVE-2013-3981 | 1 Ibm | 1 Sametime | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors.
|
|||||
| CVE-2015-4939 | 1 Ibm | 3 Emptoris Program Management, Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2015-5035 | 1 Ibm | 1 Connections | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-5036.
|
|||||
| CVE-2015-0146 | 1 Ibm | 1 Content Collector | 2025-04-12 | 2.1 LOW | N/A |
|
IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services, which allows local users to bypass intended document-access restrictions and obtain sensitive information via a crafted search query.
|
|||||
| CVE-2014-6089 | 1 Ibm | 2 Security Access Manager For Mobile, Security Access Manager For Web | 2025-04-12 | 4.0 MEDIUM | N/A |
|
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area.
|
|||||
| CVE-2015-0178 | 1 Ibm | 2 Bluemix, Liberty | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1122 for Java does not properly support WAR applications, which allows remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2014-0967 | 1 Ibm | 2 Infosphere Master Data Management Collaboration Server, Infosphere Master Data Management Server For Product Information Management | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2015-2008 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | 3.5 LOW | 4.4 MEDIUM |
|
IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive.
|
|||||
| CVE-2014-0941 | 1 Ibm | 1 Tivoli Netcool\/omnibus | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0942.
|
|||||
| CVE-2014-6163 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance Firmware | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2015-0175 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 5.5 MEDIUM | N/A |
|
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.
|
|||||
| CVE-2014-0966 | 1 Ibm | 2 Infosphere Master Data Management, Infosphere Master Data Management Server For Product Information Management | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2015-7435 | 1 Ibm | 1 Tivoli Common Reporting | 2025-04-12 | 1.9 LOW | 2.5 LOW |
|
IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field.
|
|||||
| CVE-2014-8923 | 1 Ibm | 2 Security Identity Manager Active Directory Adapter, Tivoli Identity Manager Active Directory Adapter | 2025-04-12 | 1.9 LOW | N/A |
|
The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file.
|
|||||