Filtered by vendor Ibm
Subscriptions
Total
7724 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-9976 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-20 | N/A |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252. | ||||
CVE-2016-9977 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-20 | N/A |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253. | ||||
CVE-2016-9978 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | N/A |
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254. | ||||
CVE-2016-9979 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | N/A |
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255. | ||||
CVE-2016-9980 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | N/A |
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256. | ||||
CVE-2016-9981 | 1 Ibm | 1 Security Appscan | 2025-04-20 | N/A |
IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257 | ||||
CVE-2016-9987 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | N/A |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553. | ||||
CVE-2016-9989 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | N/A |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120555. | ||||
CVE-2016-9992 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | ||||
CVE-2016-9993 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | ||||
CVE-2017-1171 | 1 Ibm | 1 Tririga Application Platform | 2025-04-20 | N/A |
The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083. | ||||
CVE-2016-9692 | 1 Ibm | 1 Websphere Cast Iron Solution | 2025-04-20 | N/A |
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516. | ||||
CVE-2016-9693 | 1 Ibm | 2 Business Process Manager, Websphere | 2025-04-20 | N/A |
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655. | ||||
CVE-2016-9698 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2025-04-20 | N/A |
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960. | ||||
CVE-2016-9701 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2025-04-20 | N/A |
IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529. | ||||
CVE-2016-9704 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2025-04-20 | N/A |
IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
CVE-2016-9715 | 1 Ibm | 1 Infosphere Master Data Management Server | 2025-04-20 | N/A |
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119728. | ||||
CVE-2016-9716 | 1 Ibm | 1 Infosphere Master Data Management Server | 2025-04-20 | N/A |
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729. | ||||
CVE-2016-9748 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2025-04-20 | N/A |
IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system. | ||||
CVE-2016-9719 | 1 Ibm | 1 Infosphere Master Data Management Server | 2025-04-20 | N/A |
IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 119733. |