| CVE-2017-1369 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… |
| CVE-2017-1364 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… |
| CVE-2017-1359 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… |
| CVE-2017-1345 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality… |
| CVE-2017-1335 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… |
| CVE-2017-1334 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… |
| CVE-2017-1324 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… |
| CVE-2017-1591 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… |
| CVE-2017-1531 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct… |
| CVE-2017-1530 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct… |
| CVE-2017-1425 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct… |
| CVE-2017-1555 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545. |
| CVE-2017-1551 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploi… |
| CVE-2017-1424 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot… |
| CVE-2017-1235 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914. |
| CVE-2014-6191 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X… |
| CVE-2015-0110 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal servi… |
| CVE-2017-1490 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. |
| CVE-2017-1556 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 13… |
| CVE-2017-1508 |
medium |
6.7 |
6.7 |
|
linux-kernel |
ibm |
9y ago |
IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620. |
| CVE-2017-1519 |
medium |
5.9 |
5.9 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829. |
| CVE-2017-1439 |
medium |
6.7 |
6.7 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058. |
| CVE-2017-1438 |
medium |
6.7 |
6.7 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057. |
| CVE-2017-1434 |
medium |
4.7 |
4.7 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user. |
| CVE-2017-1352 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: … |
| CVE-2017-1502 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… |
| CVE-2017-1189 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering th… |
| CVE-2017-1098 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended … |
| CVE-2017-1457 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent… |
| CVE-2017-1130 |
medium |
6.5 |
7.5 |
EXP |
|
ibm |
9y ago |
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client to hang and h… |
| CVE-2017-1129 |
medium |
6.5 |
7.5 |
EXP |
|
ibm |
9y ago |
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 1213… |
| CVE-2017-1450 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote att… |
| CVE-2017-1449 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote att… |
| CVE-2017-1447 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot… |
| CVE-2017-1444 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot… |
| CVE-2017-1446 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… |
| CVE-2017-1445 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… |
| CVE-2017-1443 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… |
| CVE-2017-1441 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. IBM X-Force ID: 128106. |
| CVE-2017-1535 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … |
| CVE-2017-1485 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … |
| CVE-2017-1428 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnera… |
| CVE-2017-1427 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … |
| CVE-2017-1195 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafte… |
| CVE-2016-2980 |
medium |
6.3 |
6.3 |
|
|
ibm |
9y ago |
The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Fo… |
| CVE-2016-2976 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936. |
| CVE-2016-2975 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… |
| CVE-2016-2967 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality p… |
| CVE-2016-2966 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847. |
| CVE-2016-2964 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813. |
| CVE-2016-0358 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928. |
| CVE-2016-2979 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functional… |
| CVE-2016-2977 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users' hands in the meeting. IBM X-Force ID: 113937. |
| CVE-2016-2973 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functional… |
| CVE-2016-2971 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898. |
| CVE-2016-2969 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850. |
| CVE-2016-2965 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote a… |
| CVE-2016-2959 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary manager's privileges. IBM X-Force ID: 113804. |
| CVE-2016-10503 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. I… |
| CVE-2016-0356 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-… |
| CVE-2016-0355 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-… |
| CVE-2016-0354 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which coul… |
| CVE-2017-1489 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an… |
| CVE-2017-1110 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force … |
| CVE-2016-9732 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int… |
| CVE-2016-2970 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851. |
| CVE-2015-0101 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.… |
| CVE-2017-1501 |
medium |
5.9 |
5.9 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129… |
| CVE-2017-1338 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… |
| CVE-2017-1190 |
medium |
6.4 |
6.4 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an… |
| CVE-2016-6029 |
medium |
5.9 |
5.9 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.… |
| CVE-2016-6021 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering t… |
| CVE-2017-1431 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali… |
| CVE-2017-1377 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system. IBM X-Force ID: 126874. |
| CVE-2017-1168 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the … |
| CVE-2017-1448 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-craf… |
| CVE-2017-1357 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684. |
| CVE-2016-8949 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-craf… |
| CVE-2016-6121 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the … |
| CVE-2017-1331 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality … |
| CVE-2017-1504 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579. |
| CVE-2017-1327 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… |
| CVE-2017-1199 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We… |
| CVE-2015-0194 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. |
| CVE-2017-1495 |
medium |
4.9 |
4.9 |
|
|
ibm |
9y ago |
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. IBM X-Force ID… |
| CVE-2017-1500 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web API of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parame… |
| CVE-2017-1496 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… |
| CVE-2017-1386 |
medium |
5.9 |
5.9 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID… |
| CVE-2017-1370 |
medium |
4.9 |
4.9 |
|
|
ibm |
9y ago |
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X… |
| CVE-2017-1332 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… |
| CVE-2017-1303 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alteri… |
| CVE-2016-9719 |
medium |
5.7 |
5.7 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malici… |
| CVE-2016-9718 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We… |
| CVE-2016-9717 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated pa… |
| CVE-2016-9715 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI t… |
| CVE-2017-1380 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2017-1287 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker c… |
| CVE-2017-1249 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall… |
| CVE-2017-1245 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in… |
| CVE-2016-8975 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall… |