Filtered by vendor Ibm
Subscriptions
Total
8182 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0242 | 1 Ibm | 1 Security Guardium | 2025-04-12 | N/A |
| IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message. | ||||
| CVE-2016-0389 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | N/A |
| Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-7410 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-12 | N/A |
| The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. | ||||
| CVE-2016-0287 | 2 Ibm, Microsoft | 2 I Access, Windows | 2025-04-12 | N/A |
| IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors. | ||||
| CVE-2015-7421 | 1 Ibm | 1 Mq Appliance M2000 | 2025-04-12 | N/A |
| Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420. | ||||
| CVE-2015-7431 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2014-6154 | 3 Ibm, Linux, Microsoft | 3 Optim Performance Manager, Linux Kernel, Windows | 2025-04-12 | N/A |
| Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL. | ||||
| CVE-2016-0288 | 1 Ibm | 1 Security Appscan | 2025-04-12 | N/A |
| IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2016-0319 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-12 | N/A |
| The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-4817 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-12 | N/A |
| The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename. | ||||
| CVE-2014-6215 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 before 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2014-6197 | 1 Ibm | 5 Security Network Protection Xgs 3100, Security Network Protection Xgs 4100, Security Network Protection Xgs 5100 and 2 more | 2025-04-12 | N/A |
| IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and 5.3.x before 5.3.0.0 FP1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | ||||
| CVE-2014-6192 | 1 Ibm | 1 Curam Social Program Management | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2014-6190 | 1 Ibm | 1 Workload Deployer | 2025-04-12 | N/A |
| The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remote attackers to obtain sensitive information via a direct request for the URL of a log document. | ||||
| CVE-2016-2995 | 1 Ibm | 1 Connections | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2997, CVE-2016-3005, and CVE-2016-3010. | ||||
| CVE-2014-6183 | 1 Ibm | 3 Security Network Protection Firmware, Security Network Protection Xgs 5000, Security Network Protection Xgs 5100 | 2025-04-12 | N/A |
| IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2015-0130 | 1 Ibm | 5 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Quality Manager and 2 more | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2014-6180 | 1 Ibm | 1 Websphere Service Registry And Repository | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header. | ||||
| CVE-2016-0325 | 1 Ibm | 1 Rational Team Concert | 2025-04-12 | N/A |
| IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2014-6176 | 1 Ibm | 3 Business Process Manager, Websphere Enterprise Service Bus, Websphere Process Server | 2025-04-12 | N/A |
| IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher. | ||||