Filtered by vendor Ibm
Subscribe
Total
7369 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5011 | 3 Ibm, Kernel, Redhat | 9 Power Hardware Management Console, Powerkvm, Util-linux and 6 more | 2025-04-20 | 4.9 MEDIUM | 4.6 MEDIUM |
| The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. | |||||
| CVE-2016-0296 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. | |||||
| CVE-2017-5638 | 7 Apache, Arubanetworks, Hp and 4 more | 13 Struts, Clearpass Policy Manager, Server Automation and 10 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | |||||
| CVE-2017-1125 | 1 Ibm | 1 Cognos Business Intelligence Server | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340. | |||||
| CVE-2016-9006 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264. | |||||
| CVE-2016-5990 | 1 Ibm | 1 Security Privileged Identity Manager | 2025-04-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server. | |||||
| CVE-2015-0104 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-6055 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1995515. | |||||
| CVE-2017-1148 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201. | |||||
| CVE-2016-6036 | 1 Ibm | 1 Rational Quality Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784. | |||||
| CVE-2017-1439 | 3 Ibm, Linux, Microsoft | 4 Db2, Db2 Connect, Linux Kernel and 1 more | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058. | |||||
| CVE-2017-1191 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661. | |||||
| CVE-2014-6106 | 1 Ibm | 1 Security Identity Manager | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors. | |||||
| CVE-2016-2930 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512. | |||||
| CVE-2015-7494 | 1 Ibm | 2 Cloud Orchestrator, Smartcloud Orchestrator | 2025-04-20 | 1.7 LOW | 2.8 LOW |
| A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain. | |||||
| CVE-2016-3052 | 1 Ibm | 1 Websphere Mq | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques. | |||||
| CVE-2017-1354 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126681. | |||||
| CVE-2017-1229 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123908. | |||||
| CVE-2017-1214 | 1 Ibm | 1 Inotes | 2025-04-20 | 3.5 LOW | 5.7 MEDIUM |
| IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854. | |||||
| CVE-2016-3024 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more | 2025-04-20 | 2.1 LOW | 4.0 MEDIUM |
| IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system. | |||||