| CVE-2017-1254 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive inform… |
| CVE-2017-1253 |
critical |
9.9 |
9.9 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerabilit… |
| CVE-2017-1175 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or del… |
| CVE-2017-1269 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete inform… |
| CVE-2017-1322 |
high |
8.2 |
8.2 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive informat… |
| CVE-2017-1297 |
high |
7.3 |
8.3 |
EXP |
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a loca… |
| CVE-2017-1105 |
high |
7.1 |
7.1 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial o… |
| CVE-2016-9738 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783. |
| CVE-2017-1347 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … |
| CVE-2017-1379 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002. |
| CVE-2017-1197 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672. |
| CVE-2016-9984 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276. |
| CVE-2017-1319 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731. |
| CVE-2016-9991 |
high |
8.0 |
8.0 |
|
|
ibm |
9y ago |
IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the … |
| CVE-2016-9698 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabi… |
| CVE-2016-6098 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
| CVE-2016-6093 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. |
| CVE-2017-1196 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID:… |
| CVE-2016-9977 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit t… |
| CVE-2016-6087 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918. |
| CVE-2017-1289 |
high |
8.2 |
8.2 |
|
sles |
ibm |
9y ago |
IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive inform… |
| CVE-2017-1092 |
critical |
9.8 |
10.0 |
EXP |
|
ibm |
9y ago |
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390. |
| CVE-2016-6112 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. I… |
| CVE-2017-1137 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access … |
| CVE-2017-1103 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to exp… |
| CVE-2016-5889 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website t… |
| CVE-2017-1156 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attac… |
| CVE-2016-9692 |
high |
8.6 |
8.6 |
|
|
ibm |
9y ago |
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vul… |
| CVE-2016-9691 |
high |
8.6 |
8.6 |
|
|
ibm |
9y ago |
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could explo… |
| CVE-2016-9976 |
high |
8.4 |
8.4 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to… |
| CVE-2016-2930 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512. |
| CVE-2017-1194 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user… |
| CVE-2017-1274 |
high |
8.8 |
9.8 |
EXP |
|
ibm |
9y ago |
IBM Domino 8.5.3 and 9.0 is vulnerable to a stack-based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Fo… |
| CVE-2017-1149 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit thi… |
| CVE-2015-0104 |
high |
8.8 |
9.8 |
EXP |
|
ibm |
9y ago |
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Sol… |
| CVE-2017-1122 |
high |
7.4 |
7.4 |
|
|
ibm |
9y ago |
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 12117… |
| CVE-2017-1161 |
high |
7.3 |
7.3 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an atta… |
| CVE-2016-3036 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial o… |
| CVE-2017-1205 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741. |
| CVE-2016-6100 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which cou… |
| CVE-2016-9707 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose… |
| CVE-2016-8917 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the websit… |
| CVE-2016-6111 |
critical |
9.1 |
9.1 |
|
|
ibm |
9y ago |
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit… |
| CVE-2017-1153 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563. |
| CVE-2016-8960 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie valu… |
| CVE-2017-1151 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the syste… |
| CVE-2017-1145 |
high |
8.6 |
8.6 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #:… |
| CVE-2017-1134 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459. |
| CVE-2016-9740 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556. |
| CVE-2016-9728 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view information in the back-end database. IBM Referen… |
| CVE-2016-9727 |
high |
8.5 |
8.5 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute… |
| CVE-2016-9726 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulne… |
| CVE-2016-9724 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose high… |
| CVE-2016-8940 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that acc… |
| CVE-2016-9994 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM Kenexa LCMS Premier on Cloud 9.0 and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … |
| CVE-2016-9993 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM Kenexa LCMS Premier on Cloud 9.0 and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … |
| CVE-2016-9992 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM Kenexa LCMS Premier on Cloud 9.0 and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … |
| CVE-2016-2880 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340. |
| CVE-2016-2879 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341. |
| CVE-2016-9975 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that … |
| CVE-2016-8998 |
high |
7.2 |
7.2 |
|
|
ibm |
9y ago |
IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on … |
| CVE-2016-8974 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabil… |
| CVE-2016-5919 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1… |
| CVE-2016-9706 |
critical |
9.1 |
9.1 |
|
|
ibm |
9y ago |
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remot… |
| CVE-2016-8972 |
high |
7.8 |
8.8 |
EXP |
|
ibm |
9y ago |
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. |
| CVE-2016-6079 |
high |
7.8 |
8.8 |
EXP |
|
ibm |
9y ago |
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88… |
| CVE-2016-6033 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted fr… |
| CVE-2016-0360 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM WebSphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding … |
| CVE-2016-9005 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network to change a user's password and gain remote access to the system. |
| CVE-2016-8954 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. |
| CVE-2016-5934 |
high |
7.3 |
7.3 |
|
|
ibm |
9y ago |
IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit… |
| CVE-2016-0214 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be exe… |
| CVE-2016-6104 |
high |
7.2 |
7.2 |
|
|
ibm |
9y ago |
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute … |
| CVE-2016-6103 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w… |
| CVE-2016-6095 |
critical |
9.8 |
9.8 |
|
|
ibm |
10y ago |
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. |
| CVE-2016-9739 |
high |
7.8 |
7.8 |
|
|
ibm |
10y ago |
IBM Security Identity Manager Virtual Appliance stores user credentials in clear text, which can be read by a local user. |
| CVE-2016-9008 |
high |
7.5 |
7.5 |
|
|
ibm |
10y ago |
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. |
| CVE-2016-8938 |
critical |
10.0 |
10.0 |
|
|
ibm |
10y ago |
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host cu… |
| CVE-2016-8932 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. |
| CVE-2016-8931 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. |
| CVE-2016-8930 |
high |
7.6 |
7.6 |
|
|
ibm |
10y ago |
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the… |
| CVE-2016-8928 |
high |
7.6 |
7.6 |
|
|
ibm |
10y ago |
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the… |
| CVE-2016-8919 |
high |
7.5 |
7.5 |
|
|
ibm |
10y ago |
IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. |
| CVE-2016-6115 |
high |
7.2 |
7.2 |
|
|
ibm |
10y ago |
IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the… |
| CVE-2016-6068 |
high |
7.5 |
7.5 |
|
|
ibm |
10y ago |
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. |
| CVE-2016-2942 |
high |
7.5 |
7.5 |
|
|
ibm |
10y ago |
IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. |
| CVE-2016-6105 |
high |
8.2 |
8.2 |
|
|
ibm |
10y ago |
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. |
| CVE-2016-8980 |
high |
8.1 |
8.1 |
|
linux-kernel |
ibm |
10y ago |
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to ex… |
| CVE-2016-8941 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website… |
| CVE-2016-8921 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. |
| CVE-2016-6124 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. |
| CVE-2016-6090 |
critical |
9.8 |
9.8 |
|
|
ibm |
10y ago |
IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial … |
| CVE-2016-6082 |
critical |
10.0 |
10.0 |
|
|
ibm |
10y ago |
IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary… |
| CVE-2016-6065 |
high |
7.8 |
7.8 |
|
|
ibm |
10y ago |
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. |
| CVE-2016-6059 |
high |
8.1 |
8.1 |
|
|
ibm |
10y ago |
IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabi… |
| CVE-2016-6045 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w… |
| CVE-2016-6043 |
high |
7.0 |
7.0 |
|
|
ibm |
10y ago |
Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. |
| CVE-2016-6042 |
high |
7.3 |
7.3 |
|
|
ibm |
10y ago |
IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafte… |
| CVE-2016-5985 |
high |
7.8 |
7.8 |
|
|
ibm |
10y ago |
The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrar… |
| CVE-2016-5964 |
critical |
9.8 |
9.8 |
|
|
ibm |
10y ago |
IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. |