Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 7597 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8919 1 Ibm 1 Websphere Application Server 2025-04-20 7.8 HIGH 7.5 HIGH
IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.
CVE-2016-6077 1 Ibm 1 Cognos Disclosure Management 2025-04-20 6.8 MEDIUM 5.3 MEDIUM
IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584.
CVE-2016-6113 1 Ibm 2 Domino, Inotes 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2017-1577 1 Ibm 1 Websphere Portal 2025-04-20 5.0 MEDIUM 7.5 HIGH
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.
CVE-2016-8918 1 Ibm 1 Integration Bus 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.
CVE-2017-1531 1 Ibm 1 Business Process Manager 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410.
CVE-2016-5952 1 Ibm 1 Kenexa Lcms Premier 2025-04-20 6.5 MEDIUM 8.8 HIGH
IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-0214 1 Ibm 1 Bigfix Platform 2025-04-20 6.8 MEDIUM 7.8 HIGH
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file.
CVE-2016-5897 1 Ibm 1 Jazz Reporting Service 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVE-2016-5898 1 Ibm 1 Jazz Reporting Service 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2016-5883 1 Ibm 1 Inotes 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010.
CVE-2016-6122 1 Ibm 1 Kenexa Lms On Cloud 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.
CVE-2016-6118 1 Ibm 1 Emptoris Strategic Supply Management 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118356.
CVE-2017-1097 1 Ibm 1 Emptoris Strategic Supply Management 2025-04-20 6.8 MEDIUM 8.8 HIGH
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.
CVE-2016-3053 1 Ibm 1 Aix 2025-04-20 7.2 HIGH 7.8 HIGH
IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.
CVE-2016-2880 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-20 2.1 LOW 7.8 HIGH
IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340.
CVE-2017-1569 1 Ibm 1 Websphere Commerce 2025-04-20 5.0 MEDIUM 7.5 HIGH
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779.
CVE-2017-1688 1 Ibm 1 Rational Doors Next Generation 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134063.
CVE-2017-1291 1 Ibm 2 Maximo Asset Management, Maximo Asset Management Essentials 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.
CVE-2017-1431 1 Ibm 1 Infosphere Streams 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127632.