Filtered by vendor Ibm
Subscribe
Total
7130 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4419 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737. | |||||
CVE-2019-4212 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159132. | |||||
CVE-2019-4074 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157108. | |||||
CVE-2019-4263 | 1 Ibm | 1 Content Navigator | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015. | |||||
CVE-2018-2001 | 1 Ibm | 1 Curam Social Program Management | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891. | |||||
CVE-2019-4322 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202. | |||||
CVE-2019-4067 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012. | |||||
CVE-2019-4381 | 1 Ibm | 1 I | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159. | |||||
CVE-2019-4271 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 3.5 LOW | 3.5 LOW |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243. | |||||
CVE-2019-4167 | 1 Ibm | 1 Storediq | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700. | |||||
CVE-2018-1923 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859. | |||||
CVE-2019-4155 | 1 Ibm | 1 Api Connect | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544. | |||||
CVE-2019-4092 | 1 Ibm | 1 Content Navigator | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654. | |||||
CVE-2019-4225 | 1 Ibm | 1 Pureapplication System | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242. | |||||
CVE-2018-2004 | 1 Ibm | 1 Jazz Reporting Service | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155006. | |||||
CVE-2019-4118 | 1 Ibm | 1 Multicloud Manager | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. IBM X-Force ID: 158144. | |||||
CVE-2018-1892 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156. | |||||
CVE-2019-4338 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417. | |||||
CVE-2019-4382 | 1 Ibm | 1 Api Connect | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162. | |||||
CVE-2019-4420 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-02-28 | 2.1 LOW | 6.2 MEDIUM |
IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738. |