Filtered by vendor Ibm
Subscribe
Total
7129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-6745 | 1 Ibm | 1 Security Access Manager For Enterprise Single Sign-on | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form. | |||||
CVE-2012-0737 | 1 Ibm | 1 Rational Appscan | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-0579 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2024-02-28 | 4.3 MEDIUM | N/A |
The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote attackers to impersonate arbitrary users by leveraging access to a legitimate user's web browser either (1) before or (2) after authentication. | |||||
CVE-2013-5449 | 1 Ibm | 1 Filenet Content Manager | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-3016 | 1 Ibm | 1 Websphere Portal | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting. | |||||
CVE-2012-3323 | 1 Ibm | 1 Maximo Asset Management | 2024-02-28 | 6.8 MEDIUM | N/A |
IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors. | |||||
CVE-2013-3044 | 1 Ibm | 1 Lotus Sametime | 2024-02-28 | 3.5 LOW | N/A |
The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-attendance privileges. | |||||
CVE-2012-4825 | 1 Ibm | 1 Lotus Notes Traveler | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action. | |||||
CVE-2013-5421 | 1 Ibm | 1 Security Access Manager For Enterprise Single Sign-on | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form. | |||||
CVE-2013-0600 | 1 Ibm | 2 Websphere Datapower Xc10 Appliance, Websphere Datapower Xc10 Appliance Firmware | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors. | |||||
CVE-2013-0558 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive information about application implementation via unspecified vectors. | |||||
CVE-2013-3049 | 1 Ibm | 1 Maximo Asset Management | 2024-02-28 | 4.0 MEDIUM | N/A |
IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3971. | |||||
CVE-2013-6733 | 1 Ibm | 1 Sametime | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-3294 | 1 Ibm | 2 Websphere Mq, Websphere Mq Managed File Transfer | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI. | |||||
CVE-2012-4846 | 1 Ibm | 1 Lotus Notes | 2024-02-28 | 4.3 MEDIUM | N/A |
IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68. | |||||
CVE-2012-0723 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 4.9 MEDIUM | N/A |
The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application. | |||||
CVE-2013-5373 | 1 Ibm | 1 Rational Clearcase | 2024-02-28 | 6.9 MEDIUM | N/A |
The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands. | |||||
CVE-2013-4017 | 1 Ibm | 1 Maximo Asset Management | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2013-2989 | 1 Ibm | 1 Sterling Connect | 2024-02-28 | 6.8 MEDIUM | N/A |
The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product. | |||||
CVE-2013-0542 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values. |