Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4031 | 1 Ibm | 30 Bladecenter, Flex System X220 Compute Node, Flex System X240 Compute Node and 27 more | 2025-04-11 | 10.0 HIGH | N/A |
|
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
|
|||||
| CVE-2010-3318 | 1 Ibm | 1 Filenet Content Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
|
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
|
|||||
| CVE-2010-3731 | 1 Ibm | 1 Db2 | 2025-04-11 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string.
|
|||||
| CVE-2011-1370 | 1 Ibm | 1 Lotus Sametime | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.
|
|||||
| CVE-2009-5033 | 1 Ibm | 1 Lotus Notes Traveler | 2025-04-11 | 4.0 MEDIUM | N/A |
|
IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "* *" argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data via a sync operation, related to storage of the data of multiple users within the same thread.
|
|||||
| CVE-2013-4039 | 1 Ibm | 1 Websphere Extended Deployment Compute Grid | 2025-04-11 | 4.0 MEDIUM | N/A |
|
IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors.
|
|||||
| CVE-2013-0571 | 1 Ibm | 2 Application Support Facility, Document Connect For Application Support Facility | 2025-04-11 | 2.9 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2010-0783 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2011-0731 | 1 Ibm | 1 Db2 | 2025-04-11 | 7.5 HIGH | N/A |
|
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2013-5466 | 1 Ibm | 3 Db2, Db2 Connect, Db2 Purescale Feature 9.8 | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors.
|
|||||
| CVE-2013-2989 | 1 Ibm | 1 Sterling Connect | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product.
|
|||||
| CVE-2013-2960 | 1 Ibm | 2 Application Manager For Smart Business, Tivoli Monitoring | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to cause a denial of service (segmentation fault) via a crafted http URL.
|
|||||
| CVE-2013-0569 | 1 Ibm | 1 Connections | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-4544 | 1 Ibm | 1 Lotus Notes Traveler | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-0598 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users.
|
|||||
| CVE-2010-2638 | 1 Ibm | 1 Websphere Mq | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value.
|
|||||
| CVE-2013-4063 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP.
|
|||||
| CVE-2013-5415 | 1 Ibm | 1 Rational Clearcase | 2025-04-11 | 7.2 HIGH | N/A |
|
Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors.
|
|||||
| CVE-2012-5767 | 1 Ibm | 2 Ts3500 Tape Library, Ts3500 Tape Library Firmware | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in the web interface on the IBM TS3500 Tape Library with firmware before C260 allows remote authenticated users to gain privileges via unspecified vectors.
|
|||||
| CVE-2012-3328 | 1 Ibm | 5 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 2 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer.
|
|||||
| CVE-2012-3321 | 1 Ibm | 1 Smartcloud Control Desk | 2025-04-11 | 6.5 MEDIUM | N/A |
|
IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password.
|
|||||
| CVE-2012-4858 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | 9.3 HIGH | N/A |
|
IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors.
|
|||||
| CVE-2011-1357 | 1 Ibm | 1 Websphere Service Registry And Repository | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
|
|||||
| CVE-2010-2656 | 1 Ibm | 2 Advanced Management Module, Bladecenter | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.
|
|||||
| CVE-2013-6721 | 1 Ibm | 1 Websphere Service Registry And Repository | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets.
|
|||||
| CVE-2010-0153 | 1 Ibm | 2 Proventia Network Mail Security System Virtual Appliance, Proventia Network Mail Security System Virtual Appliance Firmware | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change settings or (2) conduct denial of service attacks.
|
|||||
| CVE-2013-5381 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | 6.5 MEDIUM | N/A |
|
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
|
|||||
| CVE-2012-0705 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server Metabrokers \& Bridges | 2025-04-11 | 7.1 HIGH | N/A |
|
InfoSphere Import Export Manager in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 does not validate unspecified input data, which allows remote authenticated users to execute arbitrary commands via unknown vectors.
|
|||||
| CVE-2014-0842 | 1 Ibm | 1 Rational Focal Point | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.
|
|||||
| CVE-2012-2192 | 1 Ibm | 2 Aix, Vios | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.
|
|||||
| CVE-2013-3036 | 1 Ibm | 1 Rational Requirements Composer | 2025-04-11 | 4.9 MEDIUM | N/A |
|
Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
|
|||||
| CVE-2013-5407 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-11 | 4.9 MEDIUM | N/A |
|
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue.
|
|||||
| CVE-2013-0464 | 1 Ibm | 2 Eclipse Help System, Spss Data Collection | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2013-2982 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-11 | 6.5 MEDIUM | N/A |
|
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecified vectors.
|
|||||
| CVE-2012-5758 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance | 2025-04-11 | 7.8 HIGH | N/A |
|
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a denial of service (process exit) via unknown vectors.
|
|||||
| CVE-2010-3737 | 1 Ibm | 1 Db2 | 2025-04-11 | 3.5 LOW | N/A |
|
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server.
|
|||||
| CVE-2013-0549 | 1 Ibm | 1 Websphere Portal | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2013-0523 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | 4.3 MEDIUM | N/A |
|
IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access.
|
|||||
| CVE-2012-2955 | 1 Ibm | 3 Lotus Protector For Mail Security, Proventia Network Mail Security System, Proventia Network Mail Security System Firmware | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string.
|
|||||
| CVE-2010-4593 | 1 Ibm | 1 Lotus Mobile Connect | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address exhaustion) by making invalid attempts to establish sessions with the same VPN ID from multiple devices.
|
|||||