Filtered by vendor Ibm
Subscribe
Total
7129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-4808 | 1 Ibm | 1 Websphere Portal | 2024-02-28 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||||
CVE-2014-4817 | 1 Ibm | 1 Tivoli Storage Manager | 2024-02-28 | 2.1 LOW | N/A |
The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename. | |||||
CVE-2014-0906 | 1 Ibm | 1 Sametime | 2024-02-28 | 4.3 MEDIUM | N/A |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie. | |||||
CVE-2014-3052 | 1 Ibm | 2 Security Access Manager For Web 8.0 Firmware, Security Access Manager For Web Appliance | 2024-02-28 | 3.3 LOW | N/A |
The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance. | |||||
CVE-2014-4801 | 1 Ibm | 1 Rational Quality Manager | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2015-1886 | 1 Ibm | 1 Websphere Portal | 2024-02-28 | 7.8 HIGH | N/A |
The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests. | |||||
CVE-2014-6100 | 1 Ibm | 2 Security Directory Server, Tivoli Directory Server | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2013-6731 | 1 Ibm | 1 Netezza Performance Portal | 2024-02-28 | 4.0 MEDIUM | N/A |
IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request. | |||||
CVE-2014-3034 | 1 Ibm | 1 Emptoris Contract Management | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2015-0123 | 1 Ibm | 1 Rational Team Concert | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0122. | |||||
CVE-2014-2401 | 3 Ibm, Microsoft, Oracle | 5 Forms Viewer, Windows, Javafx and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | |||||
CVE-2014-3096 | 1 Ibm | 1 Curam Social Program Management | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2013-6304 | 1 Ibm | 2 Algo One, Algo Risk Application | 2024-02-28 | 4.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file. | |||||
CVE-2014-8920 | 1 Ibm | 1 I Access | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors. | |||||
CVE-2014-6173 | 1 Ibm | 1 Business Process Manager | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2014-0890 | 1 Ibm | 1 Sametime | 2024-02-28 | 1.9 LOW | N/A |
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file. | |||||
CVE-2014-3071 | 1 Ibm | 1 Infosphere Information Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection. | |||||
CVE-2014-8890 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.1 MEDIUM | N/A |
IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations. | |||||
CVE-2014-6147 | 1 Ibm | 1 Flex System Manager | 2024-02-28 | 2.1 LOW | N/A |
IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation attacks, via unspecified vectors. | |||||
CVE-2013-6308 | 1 Ibm | 1 Marketing Platform | 2024-02-28 | 4.9 MEDIUM | N/A |
IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection. |