Filtered by vendor Ibm
Subscribe
Search
Total
6404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1600 | 1 Ibm | 1 Security Guardium | 2018-01-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613. | |||||
| CVE-2017-1257 | 1 Ibm | 1 Security Guardium | 2018-01-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684. | |||||
| CVE-2017-1261 | 1 Ibm | 1 Security Guardium | 2018-01-03 | 2.1 LOW | 3.3 LOW |
| IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736. | |||||
| CVE-2017-1270 | 1 Ibm | 1 Security Guardium | 2018-01-03 | 2.1 LOW | 3.3 LOW |
| IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745. | |||||
| CVE-2017-1757 | 1 Ibm | 1 Security Guardium | 2018-01-03 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. | |||||
| CVE-2017-1262 | 1 Ibm | 1 Security Guardium | 2018-01-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737. | |||||
| CVE-2017-1595 | 1 Ibm | 1 Security Guardium | 2018-01-03 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549. | |||||
| CVE-2017-1596 | 1 Ibm | 1 Security Guardium | 2018-01-03 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550. | |||||
| CVE-2014-0833 | 1 Ibm | 1 Financial Transaction Manager | 2018-01-03 | 5.5 MEDIUM | N/A |
| The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step. | |||||
| CVE-2014-0822 | 1 Ibm | 1 Lotus Domino | 2018-01-03 | 7.8 HIGH | N/A |
| The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z. | |||||
| CVE-2014-0831 | 1 Ibm | 1 Financial Transaction Manager | 2018-01-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data. | |||||
| CVE-2017-1536 | 1 Ibm | 1 Websphere Portal | 2017-12-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733. | |||||
| CVE-2017-1546 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2017-12-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915. | |||||
| CVE-2017-1635 | 1 Ibm | 1 Tivoli Monitoring | 2017-12-27 | 5.2 MEDIUM | 8.0 HIGH |
| IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243. | |||||
| CVE-2017-1558 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2017-12-27 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548. | |||||
| CVE-2017-1613 | 1 Ibm | 1 Connections | 2017-12-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954. | |||||
| CVE-2017-1632 | 1 Ibm | 1 Sterling File Gateway | 2017-12-26 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178. | |||||
| CVE-2017-1683 | 1 Ibm | 1 Connections Engagement Center | 2017-12-26 | 3.5 LOW | 5.4 MEDIUM |
| IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005. | |||||
| CVE-2017-1421 | 1 Ibm | 1 Inotes | 2017-12-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-1606 | 1 Ibm | 1 Financial Transaction Manager | 2017-12-26 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926. | |||||
| CVE-2017-1507 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2017-12-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619. | |||||
| CVE-2017-1336 | 1 Ibm | 1 Infosphere Biginsights | 2017-12-22 | 3.6 LOW | 4.4 MEDIUM |
| IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244. | |||||
| CVE-2012-2202 | 1 Ibm | 3 Lotus Protector For Mail Security, Proventia Network Mail Security System, Proventia Network Mail Security System Firmware | 2017-12-22 | 3.5 LOW | N/A |
| Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter. | |||||
| CVE-2012-2197 | 1 Ibm | 1 Db2 | 2017-12-22 | 7.1 HIGH | N/A |
| Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges. | |||||
| CVE-2012-2194 | 1 Ibm | 1 Db2 | 2017-12-22 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors. | |||||
| CVE-2012-2196 | 1 Ibm | 1 Db2 | 2017-12-22 | 5.0 MEDIUM | N/A |
| IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure. | |||||
| CVE-2012-2955 | 1 Ibm | 3 Lotus Protector For Mail Security, Proventia Network Mail Security System, Proventia Network Mail Security System Firmware | 2017-12-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2017-1549 | 1 Ibm | 1 Sterling File Gateway | 2017-12-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289. | |||||
| CVE-2017-1548 | 1 Ibm | 1 Sterling File Gateway | 2017-12-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288. | |||||
| CVE-2017-1482 | 1 Ibm | 1 Sterling B2b Integrator | 2017-12-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620. | |||||
| CVE-2017-1481 | 1 Ibm | 1 Sterling B2b Integrator | 2017-12-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619. | |||||
| CVE-2017-1465 | 1 Ibm | 1 Tririga Application Platform | 2017-12-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 128464. | |||||
| CVE-2017-1498 | 1 Ibm | 1 Connections | 2017-12-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020. | |||||
| CVE-2017-1271 | 1 Ibm | 1 Security Guardium | 2017-12-19 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 124746. | |||||
| CVE-2017-1342 | 1 Ibm | 1 Insights Foundation For Energy | 2017-12-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. IBM X-Force ID: 126457. | |||||
| CVE-2017-1353 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2017-12-19 | 3.5 LOW | 3.5 LOW |
| IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680. | |||||
| CVE-2017-1354 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2017-12-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126681. | |||||
| CVE-2017-1355 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2017-12-19 | 4.3 MEDIUM | 3.7 LOW |
| IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126682. | |||||
| CVE-2017-1356 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2017-12-19 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683. | |||||
| CVE-2012-0726 | 1 Ibm | 1 Tivoli Directory Server | 2017-12-19 | 6.4 MEDIUM | N/A |
| The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol. | |||||
| CVE-2012-0708 | 1 Ibm | 1 Rational Clearquest | 2017-12-19 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch. | |||||
| CVE-2012-0740 | 1 Ibm | 1 Tivoli Directory Server | 2017-12-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-1999-1275 | 1 Ibm | 1 Lotus Cc Mail | 2017-12-19 | 4.6 MEDIUM | N/A |
| Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges. | |||||
| CVE-2012-0743 | 1 Ibm | 1 Tivoli Directory Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. | |||||
| CVE-1999-1546 | 1 Ibm | 1 Navio Nc Browser | 2017-12-19 | 5.0 MEDIUM | N/A |
| netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on IBM AIX exports /tmp over NFS as world-readable and world-writable. | |||||
| CVE-2001-1310 | 1 Ibm | 1 Secureway Directory | 2017-12-19 | 7.5 HIGH | N/A |
| IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2001-0924 | 1 Ibm | 1 Informix Web Datablade | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter. | |||||
| CVE-2000-1202 | 1 Ibm | 1 Http Server Ssl Module Common | 2017-12-19 | 7.2 HIGH | N/A |
| ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class. | |||||
| CVE-2001-0051 | 1 Ibm | 1 Db2 Universal Database | 2017-12-19 | 7.5 HIGH | N/A |
| IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database. | |||||
| CVE-2001-1265 | 1 Ibm | 1 Alphaworks Tftp Server | 2017-12-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack. | |||||