| CVE-2016-8951 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that co… |
| CVE-2017-1337 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245. |
| CVE-2017-1264 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 1… |
| CVE-2017-1254 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive inform… |
| CVE-2017-1144 |
low |
2.5 |
2.5 |
|
|
ibm |
9y ago |
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. |
| CVE-2017-1176 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299. |
| CVE-2016-0238 |
low |
3.7 |
3.7 |
|
|
ibm |
9y ago |
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the mi… |
| CVE-2017-1322 |
high |
8.2 |
8.2 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive informat… |
| CVE-2017-1297 |
high |
7.3 |
8.3 |
EXP |
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a loca… |
| CVE-2017-1105 |
high |
7.1 |
7.1 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial o… |
| CVE-2016-9738 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783. |
| CVE-2017-1347 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … |
| CVE-2017-1379 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002. |
| CVE-2016-9984 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276. |
| CVE-2017-1319 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731. |
| CVE-2016-9991 |
high |
8.0 |
8.0 |
|
|
ibm |
9y ago |
IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the … |
| CVE-2016-9698 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabi… |
| CVE-2016-6098 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
| CVE-2017-1125 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340. |
| CVE-2016-9977 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit t… |
| CVE-2017-1289 |
high |
8.2 |
8.2 |
|
sles |
ibm |
9y ago |
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive inform… |
| CVE-2016-6112 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. I… |
| CVE-2016-5979 |
low |
2.7 |
2.7 |
|
|
ibm |
9y ago |
IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the… |
| CVE-2017-1137 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access … |
| CVE-2017-1103 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to exp… |
| CVE-2016-5889 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website t… |
| CVE-2017-1156 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attac… |
| CVE-2016-9692 |
high |
8.6 |
8.6 |
|
|
ibm |
9y ago |
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vul… |
| CVE-2016-9691 |
high |
8.6 |
8.6 |
|
|
ibm |
9y ago |
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could explo… |
| CVE-2016-9976 |
high |
8.4 |
8.4 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to… |
| CVE-2016-2930 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512. |
| CVE-2017-1194 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user… |
| CVE-2017-1274 |
high |
8.8 |
9.8 |
EXP |
|
ibm |
9y ago |
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Fo… |
| CVE-2017-1149 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit thi… |
| CVE-2015-0104 |
high |
8.8 |
9.8 |
EXP |
|
ibm |
9y ago |
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Sol… |
| CVE-2017-1122 |
high |
7.4 |
7.4 |
|
|
ibm |
9y ago |
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 12117… |
| CVE-2017-1161 |
high |
7.3 |
7.3 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an atta… |
| CVE-2016-3036 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial o… |
| CVE-2017-1205 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741. |
| CVE-2016-6100 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which cou… |
| CVE-2016-9707 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose… |
| CVE-2016-8917 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the websit… |
| CVE-2017-1153 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563. |
| CVE-2016-8960 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie valu… |
| CVE-2016-6102 |
low |
3.7 |
3.7 |
|
|
ibm |
9y ago |
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, r… |
| CVE-2017-1151 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the syste… |
| CVE-2017-1145 |
high |
8.6 |
8.6 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #:… |
| CVE-2017-1134 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459. |
| CVE-2016-9697 |
low |
3.1 |
3.1 |
|
|
ibm |
9y ago |
An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed betw… |
| CVE-2017-1150 |
low |
3.1 |
3.1 |
|
|
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to vie… |
| CVE-2017-1124 |
low |
2.9 |
2.9 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053. |
| CVE-2016-9740 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556. |
| CVE-2016-9728 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM Referen… |
| CVE-2016-9727 |
high |
8.5 |
8.5 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute… |
| CVE-2016-9726 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulne… |
| CVE-2016-9724 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose high… |
| CVE-2016-8940 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that acc… |
| CVE-2016-9994 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … |
| CVE-2016-9993 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … |
| CVE-2016-9992 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … |
| CVE-2016-2880 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340. |
| CVE-2016-2879 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341. |
| CVE-2016-9975 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that … |
| CVE-2016-9009 |
low |
3.1 |
3.1 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647. |
| CVE-2016-8998 |
high |
7.2 |
7.2 |
|
|
ibm |
9y ago |
IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on … |
| CVE-2016-8974 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabil… |
| CVE-2016-5919 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1… |
| CVE-2016-8972 |
high |
7.8 |
8.8 |
EXP |
|
ibm |
9y ago |
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. |
| CVE-2016-6079 |
high |
7.8 |
8.8 |
EXP |
|
ibm |
9y ago |
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88… |
| CVE-2016-6033 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted fr… |
| CVE-2016-5934 |
high |
7.3 |
7.3 |
|
|
ibm |
9y ago |
IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit… |
| CVE-2016-0214 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be exe… |
| CVE-2016-0206 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. |
| CVE-2016-0202 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view… |
| CVE-2015-7494 |
low |
2.8 |
2.8 |
|
|
ibm |
9y ago |
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API … |
| CVE-2016-6104 |
high |
7.2 |
7.2 |
|
|
ibm |
9y ago |
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute … |
| CVE-2016-6103 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w… |
| CVE-2016-9739 |
high |
7.8 |
7.8 |
|
|
ibm |
10y ago |
IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user. |
| CVE-2016-9703 |
low |
2.4 |
2.4 |
|
|
ibm |
10y ago |
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. |
| CVE-2016-9008 |
high |
7.5 |
7.5 |
|
|
ibm |
10y ago |
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. |
| CVE-2016-8932 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. |
| CVE-2016-8931 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. |
| CVE-2016-8930 |
high |
7.6 |
7.6 |
|
|
ibm |
10y ago |
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the… |
| CVE-2016-8928 |
high |
7.6 |
7.6 |
|
|
ibm |
10y ago |
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the… |
| CVE-2016-8919 |
high |
7.5 |
7.5 |
|
|
ibm |
10y ago |
IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. |
| CVE-2016-6115 |
high |
7.2 |
7.2 |
|
|
ibm |
10y ago |
IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the… |
| CVE-2016-6068 |
high |
7.5 |
7.5 |
|
|
ibm |
10y ago |
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. |
| CVE-2016-6001 |
low |
3.1 |
3.1 |
|
|
ibm |
10y ago |
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. |
| CVE-2016-5953 |
low |
3.7 |
3.7 |
|
|
ibm |
10y ago |
IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error pa… |
| CVE-2016-5938 |
low |
3.3 |
3.3 |
|
|
ibm |
10y ago |
IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system. |
| CVE-2016-2942 |
high |
7.5 |
7.5 |
|
|
ibm |
10y ago |
IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. |
| CVE-2016-6105 |
high |
8.2 |
8.2 |
|
|
ibm |
10y ago |
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. |
| CVE-2016-8980 |
high |
8.1 |
8.1 |
|
linux-kernel |
ibm |
10y ago |
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to ex… |
| CVE-2016-8942 |
low |
3.1 |
3.1 |
|
|
ibm |
10y ago |
IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. |
| CVE-2016-8941 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website… |
| CVE-2016-8921 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. |
| CVE-2016-6124 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. |
| CVE-2016-6065 |
high |
7.8 |
7.8 |
|
|
ibm |
10y ago |
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. |
| CVE-2016-6059 |
high |
8.1 |
8.1 |
|
|
ibm |
10y ago |
IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabi… |
| CVE-2016-6045 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w… |
