Filtered by vendor Ibm
Subscribe
Search
Total
2663 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0490 | 1 Ibm | 1 Infosphere Guardium | 2017-08-29 | 7.2 HIGH | N/A |
| Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 on z/OS allows local users to gain privileges via unknown vectors. | |||||
| CVE-2013-0499 | 1 Ibm | 14 Websphere Datapower B2b Appliance Xb62, Websphere Datapower B2b Appliance Xb62 Firmware, Websphere Datapower Integration Appliance Xi50 and 11 more | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services. | |||||
| CVE-2013-5379 | 1 Ibm | 1 Websphere Portal | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality. | |||||
| CVE-2013-4070 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to discover an internal password via unspecified vectors. | |||||
| CVE-2013-6299 | 1 Ibm | 1 Algo One | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6300, CVE-2013-6301, CVE-2013-6320, and CVE-2013-6333. | |||||
| CVE-2013-5375 | 1 Ibm | 1 Java | 2017-08-29 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL. | |||||
| CVE-2013-0500 | 1 Ibm | 2 Storwize V7000 Unified, Storwize V7000 Unified Software | 2017-08-29 | 5.4 MEDIUM | N/A |
| IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation. | |||||
| CVE-2013-6725 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2013-5376 | 1 Ibm | 2 Storwize V7000 Unified, Storwize V7000 Unified Software | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user. | |||||
| CVE-2013-0509 | 1 Ibm | 2 Tivoli Netcool Application Service Monitors, Tivoli Netcool System Service Monitors | 2017-08-29 | 7.6 HIGH | N/A |
| Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 allows remote attackers to execute arbitrary code via a SQL transaction with a long table name that is not properly handled by a packet decoder. | |||||
| CVE-2013-0489 | 1 Ibm | 1 Lotus Domino | 2017-08-29 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators. | |||||
| CVE-2013-5378 | 1 Ibm | 1 Websphere Portal | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration. | |||||
| CVE-2013-4067 | 1 Ibm | 1 Infosphere Information Server | 2017-08-29 | 5.8 MEDIUM | N/A |
| IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors. | |||||
| CVE-2013-4068 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2017-08-29 | 7.1 HIGH | N/A |
| Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka SPR PTHN9ADPA8. | |||||
| CVE-2013-6300 | 1 Ibm | 1 Algo One | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6301, CVE-2013-6320, and CVE-2013-6333. | |||||
| CVE-2013-6726 | 1 Ibm | 1 Tririga Application Platform | 2017-08-29 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4069 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-4063 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP. | |||||
| CVE-2013-4064 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9ARMFA. | |||||
| CVE-2013-4062 | 1 Ibm | 1 Rational Policy Tester | 2017-08-29 | 6.8 MEDIUM | N/A |
| IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information, and modify the client-server data stream via a crafted certificate. | |||||
| CVE-2013-4065 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2017-08-29 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP. | |||||
| CVE-2013-0488 | 1 Ibm | 1 Lotus Domino | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-0501 | 1 Ibm | 1 Cognos Disclosure Management | 2017-08-29 | 9.3 HIGH | N/A |
| The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this program, via a crafted web site. | |||||
| CVE-2013-4061 | 1 Ibm | 1 Rational Policy Tester | 2017-08-29 | 4.0 MEDIUM | N/A |
| IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors. | |||||
| CVE-2013-5398 | 1 Ibm | 1 Rational Focal Point | 2017-08-29 | 3.3 LOW | N/A |
| Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5397. | |||||
| CVE-2013-5400 | 1 Ibm | 1 Platform Symphony | 2017-08-29 | 10.0 HIGH | N/A |
| An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors. | |||||
| CVE-2013-4066 | 1 Ibm | 1 Infosphere Information Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface. | |||||
| CVE-2013-4055 | 1 Ibm | 1 Lotus Domino | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051. | |||||
| CVE-2013-4056 | 1 Ibm | 1 Infosphere Information Server | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2013-4059 | 1 Ibm | 1 Infosphere Information Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified interfaces. | |||||
| CVE-2013-5380 | 1 Ibm | 1 Maximo Asset Management | 2017-08-29 | 2.1 LOW | N/A |
| IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-4052 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4053 | 1 Ibm | 2 Websphere Application Server, Websphere Application Server Feature Pack For Web Services | 2017-08-29 | 6.8 MEDIUM | N/A |
| The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors. | |||||
| CVE-2013-0531 | 1 Ibm | 1 Security Appscan | 2017-08-29 | 5.0 MEDIUM | N/A |
| The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-4054 | 1 Ibm | 1 Websphere Mq | 2017-08-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI. | |||||
| CVE-2013-4057 | 1 Ibm | 1 Infosphere Information Server | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2013-5394 | 1 Ibm | 1 Websphere Extreme Scale | 2017-08-29 | 4.9 MEDIUM | N/A |
| The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-4049 | 1 Ibm | 1 Spss Analytical Decision Management | 2017-08-29 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by uploading and accessing a JSP file. | |||||
| CVE-2013-4048 | 1 Ibm | 1 Spss Analytical Decision Management | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving addition of script to a page. | |||||
| CVE-2013-4050 | 1 Ibm | 1 Lotus Domino | 2017-08-29 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2013-6723 | 1 Ibm | 1 Websphere Portal | 2017-08-29 | 5.0 MEDIUM | N/A |
| IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors. | |||||
| CVE-2013-4051 | 1 Ibm | 1 Lotus Domino | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4055. | |||||
| CVE-2013-4058 | 1 Ibm | 1 Infosphere Information Server | 2017-08-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces. | |||||
| CVE-2013-0502 | 1 Ibm | 1 Infosphere Information Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. | |||||
| CVE-2013-0487 | 1 Ibm | 1 Lotus Domino | 2017-08-29 | 8.5 HIGH | N/A |
| The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN. | |||||
| CVE-2013-6325 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint. | |||||
| CVE-2013-5453 | 1 Ibm | 1 Security Appscan | 2017-08-29 | 3.5 LOW | N/A |
| IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted. | |||||
| CVE-2013-6724 | 1 Ibm | 1 Spss Samplepower | 2017-08-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote attackers to execute arbitrary code via a crafted ComboList property value. | |||||
| CVE-2013-5454 | 1 Ibm | 1 Websphere Portal | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL. | |||||
| CVE-2013-6722 | 1 Ibm | 1 Websphere Portal | 2017-08-29 | 5.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors. | |||||