Filtered by vendor Ibm
Subscriptions
Total
7722 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-9975 | 1 Ibm | 2 Dashboard Application Services Hub, Jazz For Service Management | 2025-04-20 | N/A |
IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714. | ||||
CVE-2016-9983 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | N/A |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275. | ||||
CVE-2016-9704 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2025-04-20 | N/A |
IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
CVE-2016-9990 | 1 Ibm | 1 Inotes | 2025-04-20 | N/A |
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824. | ||||
CVE-2017-1552 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-20 | N/A |
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 131396. | ||||
CVE-2016-8980 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | N/A |
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. | ||||
CVE-2016-9715 | 1 Ibm | 1 Infosphere Master Data Management Server | 2025-04-20 | N/A |
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119728. | ||||
CVE-2017-1606 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-20 | N/A |
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926. | ||||
CVE-2017-1554 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-20 | N/A |
IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131398. | ||||
CVE-2017-1100 | 1 Ibm | 1 Rational Quality Manager | 2025-04-20 | N/A |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661. | ||||
CVE-2016-9701 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2025-04-20 | N/A |
IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529. | ||||
CVE-2016-9716 | 1 Ibm | 1 Infosphere Master Data Management Server | 2025-04-20 | N/A |
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729. | ||||
CVE-2016-9720 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2025-04-20 | N/A |
IBM QRadar 7.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Reference #: 1999533. | ||||
CVE-2016-9010 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-20 | N/A |
IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906. | ||||
CVE-2016-9009 | 1 Ibm | 1 Websphere Mq | 2025-04-20 | N/A |
IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647. | ||||
CVE-2016-9692 | 1 Ibm | 1 Websphere Cast Iron Solution | 2025-04-20 | N/A |
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516. | ||||
CVE-2017-1550 | 1 Ibm | 1 Sterling File Gateway | 2025-04-20 | N/A |
IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. IBM X-Force ID: 131290. | ||||
CVE-2017-1548 | 1 Ibm | 1 Sterling File Gateway | 2025-04-20 | N/A |
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288. | ||||
CVE-2016-9008 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | N/A |
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. | ||||
CVE-2016-9693 | 1 Ibm | 2 Business Process Manager, Websphere | 2025-04-20 | N/A |
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655. |