Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7242 | 1 Ibm | 1 Filenet P8 Application Engine | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
|
|||||
| CVE-2012-4835 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-1242 | 1 Ibm | 1 Webi | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-4005 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields.
|
|||||
| CVE-2011-1038 | 1 Ibm | 1 Lotus Sametime | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString parameter in a WebMessage action or (2) the PATH_INFO.
|
|||||
| CVE-2012-6354 | 1 Ibm | 2 San Volume Controller Software, Storwize V7000 | 2025-04-11 | 7.5 HIGH | N/A |
|
The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets.
|
|||||
| CVE-2010-3473 | 1 Ibm | 1 Filenet P8 Application Engine | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2012-5770 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack.
|
|||||
| CVE-2011-4160 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Operations Agent, Performance Agent and 3 more | 2025-04-11 | 3.2 LOW | N/A |
|
Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors.
|
|||||
| CVE-2013-4017 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-0591 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0590.
|
|||||
| CVE-2013-5394 | 1 Ibm | 1 Websphere Extreme Scale | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2012-5769 | 1 Ibm | 1 Spss Modeler | 2025-04-11 | 5.8 MEDIUM | N/A |
|
IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
|
|||||
| CVE-2012-2171 | 1 Ibm | 18 Ds4100, Ds4200, Ds4300 and 15 more | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.
|
|||||
| CVE-2010-3700 | 3 Acegisecurity, Ibm, Vmware | 3 Acegi-security, Websphere Application Server, Springsource Spring Security | 2025-04-11 | 5.0 MEDIUM | N/A |
|
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
|
|||||
| CVE-2011-1396 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component.
|
|||||
| CVE-2013-5420 | 1 Ibm | 1 Security Access Manager For Enterprise Single Sign-on | 2025-04-11 | 3.5 LOW | N/A |
|
The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request.
|
|||||
| CVE-2013-6328 | 1 Ibm | 1 Websphere Portal | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.
|
|||||
| CVE-2010-4220 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."
|
|||||
| CVE-2010-0781 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL.
|
|||||
| CVE-2013-2977 | 3 Ibm, Linux, Microsoft | 3 Lotus Notes, Linux Kernel, Windows | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q.
|
|||||
| CVE-2011-1378 | 2 Hp, Ibm | 2 Openvms, Websphere Mq | 2025-04-11 | 1.9 LOW | N/A |
|
IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command.
|
|||||
| CVE-2010-3060 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors.
|
|||||
| CVE-2012-5946 | 1 Ibm | 1 Spss Samplepower | 2025-04-11 | 9.3 HIGH | N/A |
|
Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string.
|
|||||
| CVE-2012-3296 | 1 Ibm | 1 Power Hardware Management Console | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-5370 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-4042.
|
|||||
| CVE-2010-3471 | 1 Ibm | 1 Filenet P8 Application Engine | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors.
|
|||||
| CVE-2012-0742 | 1 Ibm | 1 Tivoli Event Pump | 2025-04-11 | 1.9 LOW | N/A |
|
IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data.
|
|||||
| CVE-2010-2985 | 1 Ibm | 1 Websphere Service Registry And Repository | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do.
|
|||||
| CVE-2013-2976 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 1.9 LOW | N/A |
|
The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2014-0855 | 1 Ibm | 2 Connections Portlets, Websphere Portal | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-2981 | 1 Ibm | 1 Data Studio | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2014-0822 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | 7.8 HIGH | N/A |
|
The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z.
|
|||||
| CVE-2012-2206 | 1 Ibm | 1 Websphere Mq | 2025-04-11 | 3.5 LOW | N/A |
|
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.
|
|||||
| CVE-2010-3197 | 1 Ibm | 1 Db2 | 2025-04-11 | 5.0 MEDIUM | N/A |
|
IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2011-1821 | 2 Ibm, Microsoft | 2 Tivoli Directory Server, Windows | 2025-04-11 | 4.0 MEDIUM | N/A |
|
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 on Windows allows remote authenticated users to cause a denial of service (daemon hang) via a cn=changelog search.
|
|||||
| CVE-2012-2174 | 1 Ibm | 1 Lotus Notes | 2025-04-11 | 9.3 HIGH | N/A |
|
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.
|
|||||
| CVE-2012-1844 | 3 Dell, Ibm, Quantum | 9 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 6 more | 2025-04-11 | 7.5 HIGH | N/A |
|
The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors.
|
|||||
| CVE-2012-0723 | 1 Ibm | 2 Aix, Vios | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.
|
|||||
| CVE-2010-4057 | 1 Ibm | 1 Soliddb | 2025-04-11 | 5.0 MEDIUM | N/A |
|
solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, which allows remote attackers to cause a denial of service (invalid memory access and daemon crash) via a TCP session on port 1315.
|
|||||