Filtered by vendor Ibm
Subscriptions
Total
7722 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-1097 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2025-04-20 | N/A |
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657. | ||||
CVE-2016-9992 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | ||||
CVE-2016-9993 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | ||||
CVE-2016-9979 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | N/A |
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255. | ||||
CVE-2017-1481 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | N/A |
IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619. | ||||
CVE-2016-9980 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | N/A |
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256. | ||||
CVE-2017-1548 | 1 Ibm | 1 Sterling File Gateway | 2025-04-20 | N/A |
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288. | ||||
CVE-2017-1628 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | N/A |
IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. | ||||
CVE-2016-9981 | 1 Ibm | 1 Security Appscan | 2025-04-20 | N/A |
IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257 | ||||
CVE-2017-1093 | 1 Ibm | 1 Aix | 2025-04-20 | N/A |
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. | ||||
CVE-2017-1146 | 1 Ibm | 1 Content Navigator | 2025-04-20 | N/A |
IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736. | ||||
CVE-2016-0217 | 1 Ibm | 1 Cognos Analytics | 2025-04-20 | N/A |
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
CVE-2016-8918 | 1 Ibm | 1 Integration Bus | 2025-04-20 | N/A |
IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. | ||||
CVE-2016-8943 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2025-04-20 | N/A |
IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
CVE-2014-9565 | 1 Ibm | 4 En6131, En6131 Firmware, Ib6131 and 1 more | 2025-04-20 | N/A |
Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. | ||||
CVE-2014-9564 | 1 Ibm | 4 En6131, En6131 Firmware, Ib6131 and 1 more | 2025-04-20 | N/A |
CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters. | ||||
CVE-2016-9739 | 1 Ibm | 1 Security Identity Manager | 2025-04-20 | N/A |
IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user. | ||||
CVE-2016-9738 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | N/A |
IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783. | ||||
CVE-2016-9740 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | N/A |
IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556. | ||||
CVE-2016-9731 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | N/A |
IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |