Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2163 | 1 Ibm | 2 Systems Director, Virtualization Manager | 2025-04-11 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors.
|
|||||
| CVE-2012-4847 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | 4.0 MEDIUM | N/A |
|
IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted request containing a zero-valued byte.
|
|||||
| CVE-2010-0776 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request.
|
|||||
| CVE-2013-5403 | 1 Ibm | 2 Websphere Datapower Xc10 Appliance, Websphere Datapower Xc10 Appliance Firmware | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.0 through 2.5.0.1 allows remote attackers to obtain administrative access via unknown vectors.
|
|||||
| CVE-2011-1032 | 1 Ibm | 2 Lotus Connections, Websphere Application Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors.
|
|||||
| CVE-2012-3301 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers.
|
|||||
| CVE-2008-7290 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Memory leak in the ldap_explode_rdn API function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allows remote authenticated users to cause a denial of service (memory consumption) by making many function calls.
|
|||||
| CVE-2014-0838 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-11 | 7.5 HIGH | N/A |
|
The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server.
|
|||||
| CVE-2013-0472 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-11 | 5.1 MEDIUM | N/A |
|
The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors.
|
|||||
| CVE-2012-6350 | 1 Ibm | 1 Cognos Tm1 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Web component in IBM Cognos TM1 before 9.5.2 FP3 and 10.1 before 10.1 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-2953 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2025-04-11 | 4.3 MEDIUM | N/A |
|
IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
|
|||||
| CVE-2011-2754 | 1 Ibm | 2 Web Content Manager, Websphere Portal | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-1460 | 1 Ibm | 2 Advanced Management Module, Bladecenter | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data.
|
|||||
| CVE-2012-4861 | 1 Ibm | 1 Infosphere Replication Server | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The web server in InfoSphere Data Replication Dashboard in IBM InfoSphere Replication Server 9.7 and 10.1 through 10.1.0.4 allows remote authenticated users to list directories via a direct request for a directory URL.
|
|||||
| CVE-2012-4819 | 1 Ibm | 2 Infosphere Business Glossary, Infosphere Information Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management Web Console in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-5954 | 1 Ibm | 1 Tivoli Storage Manager For Space Management | 2025-04-11 | 6.4 MEDIUM | N/A |
|
Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows remote attackers to read or modify HSM-managed file system objects via unknown vectors.
|
|||||
| CVE-2011-3136 | 1 Ibm | 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03048.
|
|||||
| CVE-2010-4069 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-11 | 8.5 HIGH | N/A |
|
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023.
|
|||||
| CVE-2012-0701 | 1 Ibm | 2 Infosphere Datastage, Infosphere Information Server | 2025-04-11 | 6.5 MEDIUM | N/A |
|
The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which allows remote authenticated users to gain privileges via unspecified vectors.
|
|||||
| CVE-2008-7274 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password.
|
|||||
| CVE-2010-4603 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | 6.5 MEDIUM | N/A |
|
IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference.
|
|||||
| CVE-2012-5760 | 1 Ibm | 1 Netezza | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-3317 | 1 Ibm | 1 Websphere Message Broker | 2025-04-11 | 6.9 MEDIUM | N/A |
|
IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.
|
|||||
| CVE-2012-6352 | 1 Ibm | 1 Sterling Connect | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data.
|
|||||
| CVE-2010-2068 | 4 Apache, Ibm, Microsoft and 1 more | 4 Http Server, Os2, Windows and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
|
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
|
|||||
| CVE-2013-4067 | 1 Ibm | 1 Infosphere Information Server | 2025-04-11 | 5.8 MEDIUM | N/A |
|
IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors.
|
|||||
| CVE-2012-3302 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server.
|
|||||
| CVE-2010-3896 | 1 Ibm | 1 Omnifind | 2025-04-11 | 7.5 HIGH | N/A |
|
The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do.
|
|||||
| CVE-2010-0715 | 1 Ibm | 4 Lotus Quickr, Lotus Web Content Management, Lotus Workplace Web Content Management and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string.
|
|||||
| CVE-2013-4007 | 1 Ibm | 2 Advanced Management Module, Bladecenter | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-0585 | 1 Ibm | 1 Infosphere Information Server | 2025-04-11 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to the (1) web console and (2) repository management user interfaces.
|
|||||
| CVE-2012-4825 | 1 Ibm | 1 Lotus Notes Traveler | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action.
|
|||||
| CVE-2012-2187 | 1 Ibm | 4 Remote Supervisor Adapter Ii Firmware, X3650, X3850 and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
|
IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.
|
|||||
| CVE-2013-4041 | 1 Ibm | 1 Java | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors.
|
|||||
| CVE-2013-6733 | 1 Ibm | 1 Sametime | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2011-1371 | 1 Ibm | 1 Websphere Ilog Rule Team Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an Unknown Error document, a different vulnerability than CVE-2011-4171.
|
|||||
| CVE-2013-0475 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-11 | 4.0 MEDIUM | N/A |
|
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, and CVE-2013-0567.
|
|||||
| CVE-2009-2752 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | 1.5 LOW | N/A |
|
IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
|
|||||
| CVE-2013-2987 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-11 | 4.0 MEDIUM | N/A |
|
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-3020, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.
|
|||||
| CVE-2012-2205 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query.
|
|||||