Filtered by vendor Ibm
Subscribe
Total
7130 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4069 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014. | |||||
CVE-2019-4139 | 1 Ibm | 1 Cognos Analytics | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158335. | |||||
CVE-2019-4011 | 1 Ibm | 1 Bigfix Platform | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155885. | |||||
CVE-2017-1107 | 1 Ibm | 1 Marketing Platform | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906. | |||||
CVE-2019-4033 | 1 Ibm | 1 Content Navigator | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999. | |||||
CVE-2019-4303 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949. | |||||
CVE-2019-4178 | 1 Ibm | 1 Cognos Analytics | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919. | |||||
CVE-2018-2005 | 1 Ibm | 1 Bigfix Platform | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007 | |||||
CVE-2019-4364 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2024-02-28 | 8.5 HIGH | 8.0 HIGH |
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680. | |||||
CVE-2019-4162 | 1 Ibm | 1 Security Information Queue | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM X-Force ID: 158661. | |||||
CVE-2019-4183 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973. | |||||
CVE-2018-1913 | 1 Ibm | 1 Doors Next Generation | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152737. | |||||
CVE-2018-1902 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531. | |||||
CVE-2019-4485 | 1 Ibm | 3 Emptoris Contract Management, Emptoris Sourcing, Emptoris Spend Analysis | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069. | |||||
CVE-2018-1845 | 3 Ibm, Linux, Microsoft | 8 Aix, Infosphere Governance Catalog, Infosphere Information Server and 5 more | 2024-02-28 | 5.5 MEDIUM | 7.1 HIGH |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905. | |||||
CVE-2018-1823 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150426. | |||||
CVE-2019-4473 | 1 Ibm | 1 Java | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984. | |||||
CVE-2019-4051 | 1 Ibm | 1 Api Connect | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542. | |||||
CVE-2019-4310 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036. | |||||
CVE-2019-4460 | 1 Ibm | 1 Api Connect | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681. |