| CVE-2017-1381 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then… |
| CVE-2017-1373 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force … |
| CVE-2017-1371 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access… |
| CVE-2017-1267 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742. |
| CVE-2017-1309 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463. |
| CVE-2017-1224 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903. |
| CVE-2017-1218 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IB… |
| CVE-2017-1318 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. |
| CVE-2017-1183 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-For… |
| CVE-2017-1182 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. I… |
| CVE-2017-1181 |
high |
7.0 |
7.0 |
|
|
ibm |
9y ago |
IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID… |
| CVE-2016-8964 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. |
| CVE-2016-8951 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that co… |
| CVE-2017-1337 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245. |
| CVE-2017-1264 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 1… |
| CVE-2017-1254 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive inform… |
| CVE-2017-1253 |
critical |
9.9 |
9.9 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerabilit… |
| CVE-2017-1144 |
low |
2.5 |
2.5 |
|
|
ibm |
9y ago |
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. |
| CVE-2017-1176 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299. |
| CVE-2017-1175 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or del… |
| CVE-2017-1269 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete inform… |
| CVE-2016-0238 |
low |
3.7 |
3.7 |
|
|
ibm |
9y ago |
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the mi… |
| CVE-2017-1322 |
high |
8.2 |
8.2 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive informat… |
| CVE-2017-1297 |
high |
7.3 |
8.3 |
EXP |
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a loca… |
| CVE-2017-1105 |
high |
7.1 |
7.1 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial o… |
| CVE-2016-9738 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783. |
| CVE-2017-1347 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … |
| CVE-2017-1379 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002. |
| CVE-2017-1197 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672. |
| CVE-2016-9984 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276. |
| CVE-2017-1319 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731. |
| CVE-2016-9991 |
high |
8.0 |
8.0 |
|
|
ibm |
9y ago |
IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the … |
| CVE-2016-9698 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabi… |
| CVE-2016-6098 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
| CVE-2016-6093 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. |
| CVE-2017-1196 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID:… |
| CVE-2017-1125 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340. |
| CVE-2016-9977 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit t… |
| CVE-2016-6087 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918. |
| CVE-2017-1289 |
high |
8.2 |
8.2 |
|
sles |
ibm |
9y ago |
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive inform… |
| CVE-2017-1092 |
critical |
9.8 |
10.0 |
EXP |
|
ibm |
9y ago |
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390. |
| CVE-2016-6112 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. I… |
| CVE-2016-5979 |
low |
2.7 |
2.7 |
|
|
ibm |
9y ago |
IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the… |
| CVE-2017-1137 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access … |
| CVE-2017-1103 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to exp… |
| CVE-2016-5889 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website t… |
| CVE-2017-1156 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attac… |
| CVE-2016-9692 |
high |
8.6 |
8.6 |
|
|
ibm |
9y ago |
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vul… |
| CVE-2016-9691 |
high |
8.6 |
8.6 |
|
|
ibm |
9y ago |
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could explo… |
| CVE-2016-9976 |
high |
8.4 |
8.4 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to… |
| CVE-2016-2930 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512. |
| CVE-2017-1194 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user… |
| CVE-2017-1274 |
high |
8.8 |
9.8 |
EXP |
|
ibm |
9y ago |
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Fo… |
| CVE-2017-1149 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit thi… |
| CVE-2015-0104 |
high |
8.8 |
9.8 |
EXP |
|
ibm |
9y ago |
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Sol… |
| CVE-2017-1122 |
high |
7.4 |
7.4 |
|
|
ibm |
9y ago |
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 12117… |
| CVE-2017-1161 |
high |
7.3 |
7.3 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an atta… |
| CVE-2016-3036 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial o… |
| CVE-2017-1205 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741. |
| CVE-2016-6100 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which cou… |
| CVE-2016-9707 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose… |
| CVE-2016-8917 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the websit… |
| CVE-2016-6111 |
critical |
9.1 |
9.1 |
|
|
ibm |
9y ago |
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit… |
| CVE-2017-1153 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563. |
| CVE-2016-8960 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie valu… |
| CVE-2016-6102 |
low |
3.7 |
3.7 |
|
|
ibm |
9y ago |
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, r… |
| CVE-2017-1151 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the syste… |
| CVE-2017-1145 |
high |
8.6 |
8.6 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #:… |
| CVE-2017-1134 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459. |
| CVE-2016-9697 |
low |
3.1 |
3.1 |
|
|
ibm |
9y ago |
An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed betw… |
| CVE-2017-1150 |
low |
3.1 |
3.1 |
|
|
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to vie… |
| CVE-2017-1124 |
low |
2.9 |
2.9 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053. |
| CVE-2016-9740 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556. |
| CVE-2016-9728 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM Referen… |
| CVE-2016-9727 |
high |
8.5 |
8.5 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute… |
| CVE-2016-9726 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulne… |
| CVE-2016-9724 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose high… |
| CVE-2016-8940 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that acc… |
| CVE-2016-9994 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … |
| CVE-2016-9993 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … |
| CVE-2016-9992 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … |
| CVE-2016-2880 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340. |
| CVE-2016-2879 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341. |
| CVE-2016-9975 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that … |
| CVE-2016-9009 |
low |
3.1 |
3.1 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647. |
| CVE-2016-8998 |
high |
7.2 |
7.2 |
|
|
ibm |
9y ago |
IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on … |
| CVE-2016-8974 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabil… |
| CVE-2016-5919 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1… |
| CVE-2016-9706 |
critical |
9.1 |
9.1 |
|
|
ibm |
9y ago |
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remot… |
| CVE-2016-8972 |
high |
7.8 |
8.8 |
EXP |
|
ibm |
9y ago |
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. |
| CVE-2016-6079 |
high |
7.8 |
8.8 |
EXP |
|
ibm |
9y ago |
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88… |
| CVE-2016-6033 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted fr… |
| CVE-2016-0360 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding … |
| CVE-2016-9005 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system. |
| CVE-2016-8954 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. |
| CVE-2016-5934 |
high |
7.3 |
7.3 |
|
|
ibm |
9y ago |
IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit… |
| CVE-2016-0214 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be exe… |
| CVE-2016-0206 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. |
| CVE-2016-0202 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view… |
| CVE-2015-7494 |
low |
2.8 |
2.8 |
|
|
ibm |
9y ago |
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API … |
