Filtered by vendor Ibm
Subscribe
Total
7313 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0238 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409 | |||||
| CVE-2016-0237 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Guardium Database Activity Monitor 10 allows local users to obtain sensitive information by reading cached browser data. IBM X-Force ID: 110328. | |||||
| CVE-2016-0235 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326. | |||||
| CVE-2016-0234 | 1 Ibm | 1 Openpages Grc Platform | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303. | |||||
| CVE-2016-0228 | 1 Ibm | 1 Marketing Platform | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236. | |||||
| CVE-2016-0223 | 1 Ibm | 1 Forms Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006. | |||||
| CVE-2016-0219 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693. | |||||
| CVE-2016-0218 | 1 Ibm | 1 Cognos Business Intelligence | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
| CVE-2016-0217 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
| CVE-2016-0215 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database. | |||||
| CVE-2016-0214 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file. | |||||
| CVE-2016-0210 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response. | |||||
| CVE-2016-0207 | 1 Ibm | 1 Algo Risk Application | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM X-Force ID: 109399. | |||||
| CVE-2016-0206 | 1 Ibm | 1 Cloud Orchestrator | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. | |||||
| CVE-2016-0205 | 1 Ibm | 1 Cloud Orchestrator | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could allow an attacker after authentication to enumerate valid users of the system. IBM X-Force ID: 109394. | |||||
| CVE-2016-0203 | 1 Ibm | 2 Cloud Orchestrator, Smartcloud Orchestrator | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to. | |||||
| CVE-2016-0202 | 1 Ibm | 1 Cloud Orchestrator | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain. | |||||
| CVE-2015-9281 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. | |||||
| CVE-2015-7494 | 1 Ibm | 2 Cloud Orchestrator, Smartcloud Orchestrator | 2024-11-21 | 1.7 LOW | 2.8 LOW |
| A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain. | |||||
| CVE-2015-7493 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. | |||||