Filtered by vendor Ibm
Subscribe
Total
7130 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4043 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | 5.5 MEDIUM | 7.1 HIGH |
IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 156239. | |||||
CVE-2018-1936 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316. | |||||
CVE-2018-1998 | 1 Ibm | 1 Websphere Mq | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887. | |||||
CVE-2018-1984 | 1 Ibm | 1 Rational Team Concert | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154137. | |||||
CVE-2019-4269 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202. | |||||
CVE-2018-1635 | 1 Ibm | 1 Informix Dynamic Server | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439. | |||||
CVE-2019-4296 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759. | |||||
CVE-2019-4241 | 1 Ibm | 1 Pureapplication System | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467. | |||||
CVE-2018-1992 | 1 Ibm | 22 Power System Ac922 \(8335-gtg\), Power System Ac922 \(8335-gtg\) Firmware, Power System Ac922 \(8335-gth\) and 19 more | 2024-02-28 | 6.9 MEDIUM | 6.4 MEDIUM |
The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345. | |||||
CVE-2019-4119 | 1 Ibm | 1 Cloud Private | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145. | |||||
CVE-2018-1761 | 1 Ibm | 1 Rational Team Concert | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148615. | |||||
CVE-2018-1829 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150432. | |||||
CVE-2019-4224 | 1 Ibm | 1 Pureapplication System | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240. | |||||
CVE-2018-1952 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153495. | |||||
CVE-2019-4177 | 1 Ibm | 1 Cognos Controller | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882. | |||||
CVE-2019-4049 | 1 Ibm | 1 Mq | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398. | |||||
CVE-2019-4012 | 1 Ibm | 2 Bigfix Webui Profile Management, Bigfix Webui Software Distribution | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886. | |||||
CVE-2018-1885 | 1 Ibm | 4 Business Automation Workflow, Business Process Manager, Business Process Manager Enterprise Service Bus and 1 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020. | |||||
CVE-2019-4481 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064. | |||||
CVE-2018-1626 | 1 Ibm | 1 Security Privileged Identity Manager | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411. |