Filtered by vendor Ibm
Subscribe
Total
7130 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4163 | 1 Ibm | 1 Storediq | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow an authenticated user to obtain sensitive information that a privileged user should only be allowed to view. IBM X-Force ID: 158696. | |||||
CVE-2019-4298 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764. | |||||
CVE-2019-4217 | 1 Ibm | 1 Security Information Queue | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159226. | |||||
CVE-2019-4150 | 1 Ibm | 1 Security Access Manager | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510. | |||||
CVE-2019-4035 | 1 Ibm | 1 Content Navigator | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001. | |||||
CVE-2018-1994 | 1 Ibm | 2 Infosphere Information Server On Cloud, Infosphere Metadata Asset Manager | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494. | |||||
CVE-2018-1633 | 1 Ibm | 1 Informix Dynamic Server | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434. | |||||
CVE-2018-1760 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148614. | |||||
CVE-2019-4134 | 1 Ibm | 1 Planning Analytics | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281. | |||||
CVE-2019-4482 | 1 Ibm | 1 Emptoris Spend Analysis | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164066. | |||||
CVE-2019-4093 | 2 Ibm, Microsoft | 2 Spectrum Protect, Windows | 2024-02-28 | 3.6 LOW | 4.4 MEDIUM |
IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981. | |||||
CVE-2019-4047 | 1 Ibm | 1 Jazz Reporting Service | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243. | |||||
CVE-2019-4250 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648. | |||||
CVE-2019-4157 | 1 Ibm | 1 Security Access Manager | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573. | |||||
CVE-2019-4261 | 1 Ibm | 2 Mq, Websphere Mq | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013. | |||||
CVE-2019-4048 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2024-02-28 | 2.1 LOW | 2.1 LOW |
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311. | |||||
CVE-2018-1990 | 1 Ibm | 1 Cloud App Management | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could allow an attacker to obtain sensitive configuration information using a specially crafted HTTP request. IBM X-Force ID: 154283. | |||||
CVE-2018-1828 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431. | |||||
CVE-2019-4267 | 1 Ibm | 1 Spectrum Protect | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow. This could allow execution of arbitrary code on the local system or the application to crash. IBM X-Force ID: 160200. | |||||
CVE-2019-4424 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770. |