Filtered by vendor Ibm
Subscriptions
Total
7986 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9000 | 1 Ibm | 2 Infosphere Datastage, Infosphere Information Server On Cloud | 2025-04-20 | N/A |
| IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks. | ||||
| CVE-2016-5942 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | N/A |
| IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2016-5959 | 1 Ibm | 1 Security Privileged Identity Manager | 2025-04-20 | N/A |
| IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 116136. | ||||
| CVE-2017-1100 | 1 Ibm | 1 Rational Quality Manager | 2025-04-20 | N/A |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661. | ||||
| CVE-2016-8922 | 1 Ibm | 2 Web Content Manager Production Analytics, Websphere Portal | 2025-04-20 | N/A |
| Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2016-2924 | 1 Ibm | 1 Biginsights | 2025-04-20 | N/A |
| IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
| CVE-2016-8980 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | N/A |
| IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. | ||||
| CVE-2016-5934 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-20 | N/A |
| IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim. | ||||
| CVE-2016-5933 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-20 | N/A |
| IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223. | ||||
| CVE-2017-1551 | 1 Ibm | 1 Api Connect | 2025-04-20 | N/A |
| IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291. | ||||
| CVE-2016-5937 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
| IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2016-9994 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
| IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805. | ||||
| CVE-2016-5919 | 1 Ibm | 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 3 more | 2025-04-20 | N/A |
| IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868. | ||||
| CVE-2016-9991 | 1 Ibm | 1 Sterling Selling And Fulfillment Foundation | 2025-04-20 | N/A |
| IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314. | ||||
| CVE-2016-9988 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | N/A |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120554. | ||||
| CVE-2017-1149 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | N/A |
| IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202. | ||||
| CVE-2016-9986 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | N/A |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552. | ||||
| CVE-2016-3019 | 1 Ibm | 1 Security Access Manager 9.0 Firmware | 2025-04-20 | N/A |
| IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462. | ||||
| CVE-2015-7494 | 1 Ibm | 2 Cloud Orchestrator, Smartcloud Orchestrator | 2025-04-20 | N/A |
| A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain. | ||||
| CVE-2016-9985 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-20 | N/A |
| IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671. | ||||