Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5955 | 1 Ibm | 2 Http Server, Websphere Application Server | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors.
|
|||||
| CVE-2012-3304 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors.
|
|||||
| CVE-2010-3898 | 1 Ibm | 1 Omnifind | 2025-04-11 | 5.0 MEDIUM | N/A |
|
IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.
|
|||||
| CVE-2010-5204 | 1 Ibm | 1 Lotus Symphony | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1.3.0 20090908.0900 allow local users to gain privileges via a Trojan horse (1) eclipse_1114.dll or (2) emser645mi.dll file in the current working directory, as demonstrated by a directory that contains a .odm, .odt, .otp, .stc, .stw, .sxg, or .sxw file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2012-3311 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2025-04-11 | 3.3 LOW | N/A |
|
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors.
|
|||||
| CVE-2013-3025 | 1 Ibm | 1 Rational Focal Point | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-5035 | 1 Ibm | 1 Lotus Notes Traveler | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communications intended for other recipients by examining appended messages.
|
|||||
| CVE-2010-0959 | 1 Ibm | 1 Enovia Smarteam | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter.
|
|||||
| CVE-2013-5421 | 1 Ibm | 1 Security Access Manager For Enterprise Single Sign-on | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.
|
|||||
| CVE-2010-4622 | 1 Ibm | 2 Aix, Tivoli Access Manager For E-business | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.
|
|||||
| CVE-2014-0830 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname.
|
|||||
| CVE-2014-0843 | 1 Ibm | 1 Rational Focal Point | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.
|
|||||
| CVE-2013-0506 | 1 Ibm | 2 Sterling Multi-channel Fulfillment Solution, Sterling Selling And Fulfillment Foundation | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-1608 | 1 Ibm | 1 Lotus Notes | 2025-04-11 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
|
|||||
| CVE-2013-0500 | 1 Ibm | 2 Storwize V7000 Unified, Storwize V7000 Unified Software | 2025-04-11 | 5.4 MEDIUM | N/A |
|
IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation.
|
|||||
| CVE-2013-5413 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-11 | 4.3 MEDIUM | N/A |
|
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation.
|
|||||
| CVE-2013-0518 | 1 Ibm | 1 Sterling Secure Proxy | 2025-04-11 | 4.3 MEDIUM | N/A |
|
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
|
|||||
| CVE-2012-0712 | 1 Ibm | 1 Db2 | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.
|
|||||
| CVE-2013-4020 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | 4.0 MEDIUM | N/A |
|
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
|
|||||
| CVE-2011-2143 | 1 Ibm | 1 Datacap Taskmaster Capture | 2025-04-11 | 6.8 MEDIUM | N/A |
|
IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account name from a different domain.
|
|||||
| CVE-2013-4006 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations.
|
|||||
| CVE-2011-1561 | 1 Ibm | 1 Aix | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password.
|
|||||
| CVE-2012-0187 | 1 Ibm | 1 Lotus Expeditor | 2025-04-11 | 9.3 HIGH | N/A |
|
Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory.
|
|||||
| CVE-2013-5405 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-11 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
|
|||||
| CVE-2011-0637 | 1 Ibm | 1 Aix | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a timer is unused before deallocating this timer, which might allow attackers to cause a denial of service (system crash) via unspecified vectors.
|
|||||
| CVE-2013-4046 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2012-5938 | 3 Conectiva, Ibm, Novell | 3 Linux, Infosphere Information Server, Unixware | 2025-04-11 | 7.2 HIGH | N/A |
|
The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations.
|
|||||
| CVE-2013-4014 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-5062 | 1 Ibm | 3 Aix, Lotus Domino, Lotus Quickr | 2025-04-11 | 3.5 LOW | N/A |
|
IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9.
|
|||||
| CVE-2011-1820 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | 1.7 LOW | N/A |
|
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log.
|
|||||
| CVE-2013-6312 | 1 Ibm | 2 Rational Performance Tester, Rational Service Tester | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in IBM Rational Service Tester 8.3.x and 8.5.x before 8.5.1 and Rational Performance Tester 8.3.x and 8.5.x before 8.5.1 allows remote attackers to read arbitrary files via unknown vectors.
|
|||||
| CVE-2013-0483 | 1 Ibm | 1 Ims Enterprise Suite | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The login component in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 uses cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
|
|||||
| CVE-2012-4851 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
|
|||||
| CVE-2012-2169 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field.
|
|||||
| CVE-2013-0531 | 1 Ibm | 1 Security Appscan | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
|
|||||
| CVE-2013-4052 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-5947 | 1 Ibm | 1 Spss Samplepower | 2025-04-11 | 9.3 HIGH | N/A |
|
Buffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2013-3995 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM InfoSphere BigInsights 1.1 through 2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2011-4817 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account.
|
|||||
| CVE-2011-3387 | 1 Ibm | 1 Java | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than CVE-2011-0311.
|
|||||