| CVE-2017-1607 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… |
| CVE-2017-1593 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… |
| CVE-2017-1570 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852. |
| CVE-2017-1560 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… |
| CVE-2017-1484 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622. |
| CVE-2017-1461 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… |
| CVE-2017-1283 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IB… |
| CVE-2017-1251 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631. |
| CVE-2017-1240 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359. |
| CVE-2016-6024 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868. |
| CVE-2017-1229 |
medium |
5.9 |
5.9 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacke… |
| CVE-2017-1221 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force … |
| CVE-2017-1554 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exp… |
| CVE-2017-1553 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… |
| CVE-2017-1552 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to cond… |
| CVE-2017-1340 |
medium |
5.0 |
5.0 |
|
|
ibm |
9y ago |
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455. |
| CVE-2017-1333 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force … |
| CVE-2017-1300 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w… |
| CVE-2017-1290 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… |
| CVE-2017-1148 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attack… |
| CVE-2017-1147 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… |
| CVE-2016-3048 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… |
| CVE-2017-1521 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arb… |
| CVE-2017-1232 |
medium |
5.9 |
5.9 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM X-F… |
| CVE-2017-1230 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. This weakness may allow attacke… |
| CVE-2017-1226 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks… |
| CVE-2017-1225 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs v… |
| CVE-2017-1222 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM… |
| CVE-2017-1220 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID… |
| CVE-2017-1363 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… |
| CVE-2017-1295 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157. |
| CVE-2017-1241 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523. |
| CVE-2017-1169 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po… |
| CVE-2017-1164 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin… |
| CVE-2017-1583 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13)could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. |
| CVE-2017-1523 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892. |
| CVE-2017-1375 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:… |
| CVE-2017-1212 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852. |
| CVE-2017-1210 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850. |
| CVE-2017-1209 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alter… |
| CVE-2016-3049 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser with… |
| CVE-2017-1538 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735. |
| CVE-2017-1503 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the s… |
| CVE-2017-1522 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… |
| CVE-2017-1378 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. I… |
| CVE-2017-1339 |
medium |
4.4 |
4.4 |
|
|
ibm |
9y ago |
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or adm… |
| CVE-2017-1301 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit… |
| CVE-2017-1201 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676. |
| CVE-2016-8937 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. A… |
| CVE-2017-1126 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Forc… |
| CVE-2017-1569 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779. |
| CVE-2017-1429 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… |
| CVE-2017-1369 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… |
| CVE-2017-1364 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… |
| CVE-2017-1359 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… |
| CVE-2017-1345 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality… |
| CVE-2017-1335 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… |
| CVE-2017-1334 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… |
| CVE-2017-1324 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… |
| CVE-2017-1311 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete inf… |
| CVE-2017-1591 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… |
| CVE-2017-1577 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences … |
| CVE-2017-1483 |
high |
8.6 |
8.6 |
|
|
ibm |
9y ago |
IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID… |
| CVE-2017-1407 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacke… |
| CVE-2017-1539 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LD… |
| CVE-2017-1531 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct… |
| CVE-2017-1530 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct… |
| CVE-2017-1527 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sen… |
| CVE-2017-1425 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct… |
| CVE-2017-1555 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545. |
| CVE-2017-1551 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploi… |
| CVE-2017-1424 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot… |
| CVE-2017-1362 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801. |
| CVE-2017-1235 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914. |
| CVE-2015-0162 |
high |
7.0 |
7.0 |
|
|
ibm |
9y ago |
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. |
| CVE-2014-6191 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X… |
| CVE-2014-6106 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site… |
| CVE-2015-0110 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal servi… |
| CVE-2017-1490 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. |
| CVE-2017-1556 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 13… |
| CVE-2017-1508 |
medium |
6.7 |
6.7 |
|
linux-kernel |
ibm |
9y ago |
IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620. |
| CVE-2017-1519 |
medium |
5.9 |
5.9 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829. |
| CVE-2017-1452 |
high |
7.8 |
7.8 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180. |
| CVE-2017-1451 |
high |
7.8 |
7.8 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178. |
| CVE-2017-1439 |
medium |
6.7 |
6.7 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058. |
| CVE-2017-1438 |
medium |
6.7 |
6.7 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057. |
| CVE-2017-1434 |
medium |
4.7 |
4.7 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user. |
| CVE-2017-1352 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: … |
| CVE-2017-1162 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957. |
| CVE-2017-1502 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… |
| CVE-2017-1189 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering th… |
| CVE-2017-1098 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended … |
| CVE-2017-1491 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authen… |
| CVE-2017-1458 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive informat… |
| CVE-2017-1457 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent… |
| CVE-2017-1130 |
medium |
6.5 |
7.5 |
EXP |
|
ibm |
9y ago |
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and h… |
| CVE-2017-1129 |
medium |
6.5 |
7.5 |
EXP |
|
ibm |
9y ago |
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 1213… |
| CVE-2017-1097 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions tra… |
| CVE-2017-1450 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote att… |
| CVE-2017-1449 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote att… |
