Filtered by vendor Ibm Subscriptions
Total 8373 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2010-3893 1 Ibm 1 Omnifind 2025-04-11 N/A
The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue.
CVE-2013-0582 1 Ibm 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response.
CVE-2010-3892 1 Ibm 1 Omnifind 2025-04-11 N/A
Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value.
CVE-2011-0732 1 Ibm 2 Tivoli Common Reporting, Tivoli Integrated Portal 2025-04-11 N/A
Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal (TIP) 1.1.1.1, as used in IBM Tivoli Common Reporting (TCR) 1.2.0 before Interim Fix 9, have unknown impact and attack vectors, related to "security vulnerabilities of Websphere Application Server bundled within" and "many internal defects and APARs."
CVE-2011-0731 1 Ibm 1 Db2 2025-04-11 N/A
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2010-1348 1 Ibm 1 Websphere Portal 2025-04-11 N/A
Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors.
CVE-2013-0591 1 Ibm 2 Lotus Domino, Lotus Inotes 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0590.
CVE-2013-0596 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0563 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.
CVE-2009-4999 1 Ibm 1 Filenet P8 Application Engine 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field.
CVE-2011-2163 1 Ibm 2 Systems Director, Virtualization Manager 2025-04-11 N/A
Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors.
CVE-2010-0557 1 Ibm 1 Cognos Express 2025-04-11 N/A
IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.
CVE-2013-6321 1 Ibm 4 Atlas Ediscovery Process Management, Atlas Suite, Disposal And Governance Management For It and 1 more 2025-04-11 N/A
SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-2518 1 Ibm 4 Filenet P8 Business Process Manager, Filenet P8 Content Manager, P8 Content Engine and 1 more 2025-04-11 N/A
Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), allows remote attackers to gain privileges via unknown vectors. NOTE: some of these details are obtained from third party information.
CVE-2010-2517 1 Ibm 1 Rational Clearquest 2025-04-11 N/A
Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report.
CVE-2011-0679 1 Ibm 1 Websphere Portal 2025-04-11 N/A
IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message."
CVE-2011-1559 1 Ibm 1 Webi 2025-04-11 N/A
Unspecified vulnerability in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 has unknown impact and attack vectors.
CVE-2010-3760 1 Ibm 1 Tivoli Storage Manager Fastback 2025-04-11 N/A
FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly handle a certain failure to allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash, and recovery failure) by specifying a large size value within TCP packet data. NOTE: this might overlap CVE-2010-3061.
CVE-2010-3756 1 Ibm 1 Tivoli Storage Manager Fastback 2025-04-11 N/A
The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate an unspecified length value, which allows remote attackers to cause a denial of service (daemon crash) by sending data over TCP. NOTE: this might overlap CVE-2010-3060.
CVE-2010-3755 1 Ibm 1 Tivoli Storage Manager Fastback 2025-04-11 N/A
The _DAS_ReadBlockReply function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via data in a TCP packet. NOTE: this might overlap CVE-2010-3060.