Filtered by vendor Ibm
Subscribe
Total
7129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0466 | 1 Ibm | 1 Websphere Message Broker | 2024-02-28 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject arbitrary web script or HTML via a wsdl request that is not properly handled during construction of an error message. | |||||
| CVE-2012-3322 | 1 Ibm | 7 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 4 more | 2024-02-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name. | |||||
| CVE-2013-4064 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2024-02-28 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9ARMFA. | |||||
| CVE-2013-5407 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2024-02-28 | 4.9 MEDIUM | N/A |
| IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue. | |||||
| CVE-2012-4841 | 1 Ibm | 1 Tivoli Endpoint Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote attackers to cause a denial of service (resource consumption) via unknown vectors. | |||||
| CVE-2013-0484 | 1 Ibm | 1 Cognos Tm1 | 2024-02-28 | 4.3 MEDIUM | N/A |
| The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data. | |||||
| CVE-2013-3995 | 1 Ibm | 1 Infosphere Biginsights | 2024-02-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM InfoSphere BigInsights 1.1 through 2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-4826 | 1 Ibm | 1 Db2 | 2024-02-28 | 8.5 HIGH | N/A |
| Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure. | |||||
| CVE-2012-6356 | 1 Ibm | 3 Maximo Asset Management, Maximo Asset Management Essentials, Smartcloud Control Desk | 2024-02-28 | 6.5 MEDIUM | N/A |
| IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation. | |||||
| CVE-2012-2167 | 1 Ibm | 2 Xiv Storage System Gen3, Xiv Storage System Gen3 Firmware | 2024-02-28 | 7.8 HIGH | N/A |
| The IBM XIV Storage System Gen3 before 11.1.0.a allows remote attackers to cause a denial of service (device outage) via TCP packets to unspecified ports. | |||||
| CVE-2013-0454 | 3 Canonical, Ibm, Samba | 3 Ubuntu Linux, Storwize, Samba | 2024-02-28 | 4.0 MEDIUM | N/A |
| The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter. | |||||
| CVE-2013-0518 | 1 Ibm | 1 Sterling Secure Proxy | 2024-02-28 | 4.3 MEDIUM | N/A |
| IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2012-3319 | 1 Ibm | 1 Rational Business Developer | 2024-02-28 | 5.0 MEDIUM | N/A |
| IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product. | |||||
| CVE-2012-4850 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 7.5 HIGH | N/A |
| IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2013-2982 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2024-02-28 | 6.5 MEDIUM | N/A |
| IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecified vectors. | |||||
| CVE-2013-0538 | 1 Ibm | 1 Lotus Notes | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49. | |||||
| CVE-2013-0537 | 1 Ibm | 1 Lotus Sametime | 2024-02-28 | 3.5 LOW | N/A |
| The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of shared links by leveraging meeting-attendance privileges. | |||||
| CVE-2012-2206 | 1 Ibm | 1 Websphere Mq | 2024-02-28 | 3.5 LOW | N/A |
| The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI. | |||||
| CVE-2012-5936 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2024-02-28 | 5.0 MEDIUM | N/A |
| IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2012-5766 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2024-02-28 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via vectors involving the RNVisibility page and unspecified screens, a different vulnerability than CVE-2013-0560. | |||||