Filtered by vendor Ibm
Subscribe
Total
7129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3014 | 1 Ibm | 1 Sametime | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2014-0827 | 1 Ibm | 1 Optim Workload Replay | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workload Replay 1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2014-6136 | 1 Ibm | 1 Security Appscan | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2014-0835 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings. | |||||
CVE-2014-0949 | 1 Ibm | 1 Websphere Portal | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request. | |||||
CVE-2014-6092 | 1 Ibm | 1 Curam Social Program Management | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name. | |||||
CVE-2014-0961 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2024-02-28 | 6.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
CVE-2014-3066 | 1 Ibm | 1 Tivoli Endpoint Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2014-4839 | 1 Ibm | 1 Tririga Application Platform | 2024-02-28 | 6.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
CVE-2014-0862 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2015-0105 | 1 Ibm | 1 Business Process Manager | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2013-6315 | 1 Ibm | 2 Enterprise Records, Infosphere Enterprise Records | 2024-02-28 | 4.3 MEDIUM | N/A |
IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 do not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
CVE-2013-5445 | 1 Ibm | 1 Cognos Express | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key. | |||||
CVE-2014-6199 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2024-02-28 | 5.0 MEDIUM | N/A |
The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote attackers to cause a denial of service (connection-slot exhaustion) via a crafted HTTP request. | |||||
CVE-2011-1381 | 1 Ibm | 1 Openpages Grc Platform | 2024-02-28 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors. | |||||
CVE-2014-3090 | 1 Ibm | 1 Rational Clearcase | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | |||||
CVE-2014-0846 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2014-0828 | 1 Ibm | 1 Websphere Portal | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-0824 | 1 Ibm | 5 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 2 more | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL. | |||||
CVE-2014-6180 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header. |