| CVE-2016-0216 | critical | 9.8 | 9.8 | | | ibm | 10y ago | Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a differ… |
| CVE-2016-0213 | critical | 9.8 | 9.8 | | | ibm | 10y ago | Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a differ… |
| CVE-2016-0212 | critical | 9.8 | 9.8 | | | ibm | 10y ago | Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a differ… |
| CVE-2015-8524 | medium | 6.1 | 6.1 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inj… |
| CVE-2015-7491 | medium | 5.4 | 5.4 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a… |
| CVE-2015-7457 | medium | 6.1 | 6.1 | | | ibm | 10y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted U… |
| CVE-2015-7455 | low | 3.1 | 3.1 | | | ibm | 10y ago | IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifi… |
| CVE-2015-7428 | high | 7.4 | 7.4 | | | ibm | 10y ago | Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attac… |
| CVE-2015-7425 | critical | 10.0 | 10.0 | | | ibm | 10y ago | The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6… |
| CVE-2016-0232 | medium | 4.3 | 4.3 | | | ibm | 10y ago | IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by re… |
| CVE-2016-0231 | medium | 4.3 | 4.3 | | | ibm | 10y ago | IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by re… |
| CVE-2015-7492 | medium | 5.4 | 5.4 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated… |
| CVE-2015-7472 | high | 7.2 | 7.2 | | | ibm | 11y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injec… |
| CVE-2015-7444 | medium | 5.3 | 5.3 | | | ibm | 11y ago | The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vect… |
| CVE-2015-7408 | low | 3.7 | 3.7 | | | ibm | 11y ago | The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers … |
| CVE-2015-7398 | medium | 5.4 | 5.4 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x b… |
| CVE-2015-5050 | high | 8.8 | 8.8 | | | ibm | 11y ago | Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.… |
| CVE-2015-5042 | high | 7.5 | 7.5 | | | ibm | 11y ago | IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers… |
| CVE-2015-4991 | medium | 4.0 | 4.0 | | | ibm | 11y ago | IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows loc… |
| CVE-2015-4957 | medium | 5.4 | 5.4 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted… |
| CVE-2015-4956 | high | 7.4 | 7.4 | | | ibm | 11y ago | The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors. |
| CVE-2015-2008 | medium | 4.4 | 4.4 | | | ibm | 11y ago | IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive … |
| CVE-2015-2005 | medium | 5.3 | 5.3 | | | ibm | 11y ago | IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.5 Patch 6 does not properly expire sessions, which allows remote attackers to obtain sensitive information by leveraging an… |
| CVE-2015-2012 | medium | 4.0 | 4.0 | | | ibm | 11y ago | The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore … |
| CVE-2015-7464 | high | 7.5 | 7.5 | | | ibm | 11y ago | Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder… |
| CVE-2016-0209 | medium | 6.1 | 6.1 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-7488 | medium | 5.9 | 5.9 | | | ibm | 11y ago | IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors. |
| CVE-2015-7487 | medium | 4.1 | 4.1 | | | ibm | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3… |
| CVE-2015-7439 | medium | 6.1 | 6.1 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA… |
| CVE-2015-7417 | medium | 5.4 | 5.4 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web… |
| CVE-2015-4951 | medium | 5.3 | 5.3 | | | ibm | 11y ago | Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to ca… |
| CVE-2015-5009 | medium | 5.4 | 5.4 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authentica… |
| CVE-2015-5008 | medium | 6.1 | 6.1 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers … |
| CVE-2015-5002 | medium | 6.1 | 6.1 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 through 11.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2015-4988 | high | 8.6 | 8.6 | | | ibm | 11y ago | Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9… |
| CVE-2015-4959 | medium | 6.1 | 6.1 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2015-4942 | medium | 5.3 | 5.3 | | | ibm | 11y ago | IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-20… |
| CVE-2015-7470 | high | 7.5 | 7.5 | | | ibm | 11y ago | Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows man-in-the-middle attackers to obtain sensitive information v… |
| CVE-2015-7469 | medium | 4.3 | 4.3 | | | ibm | 11y ago | Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restr… |
| CVE-2015-7468 | medium | 4.3 | 4.3 | | | ibm | 11y ago | Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on… |
| CVE-2015-7467 | medium | 5.4 | 5.4 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authentica… |
| CVE-2015-7414 | medium | 5.4 | 5.4 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4… |
| CVE-2015-4960 | medium | 4.1 | 4.1 | | | ibm | 11y ago | IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct… |
| CVE-2015-4958 | low | 3.3 | 3.3 | | | ibm | 11y ago | IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 does not properly restrict browser caching, … |
| CVE-2015-5007 | high | 8.8 | 8.8 | | | ibm | 11y ago | Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authenticat… |
| CVE-2015-7399 | medium | 5.3 | 5.3 | | | ibm | 11y ago | IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTT… |
| CVE-2015-7466 | low | 3.1 | 3.1 | | | ibm | 11y ago | Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass int… |
| CVE-2015-7465 | high | 8.8 | 8.8 | | | ibm | 11y ago | Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack t… |
| CVE-2015-7397 | high | 7.4 | 7.4 | | | ibm | 11y ago | Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phi… |
| CVE-2015-5051 | medium | 4.3 | 4.3 | | | ibm | 11y ago | IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow r… |
| CVE-2015-5038 | high | 7.5 | 7.5 | | | ibm | 11y ago | IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a den… |
| CVE-2015-5037 | medium | 5.4 | 5.4 | | | ibm | 11y ago | Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentic… |
| CVE-2015-5036 | medium | 5.4 | 5.4 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script… |
| CVE-2015-5035 | medium | 5.4 | 5.4 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script… |
| CVE-2015-5023 | medium | 5.4 | 5.4 | | | ibm | 11y ago | SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2015-5017 | medium | 5.4 | 5.4 | | | ibm | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2… |
| CVE-2015-5003 | high | 8.5 | 8.5 | | | ibm | 11y ago | The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view aut… |
| CVE-2015-4962 | low | 3.5 | 3.5 | | | ibm | 11y ago | Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3… |
| CVE-2015-4946 | low | 3.3 | 3.3 | | | ibm | 11y ago | Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Ration… |
| CVE-2015-2007 | medium | 5.0 | 5.0 | | | ibm | 11y ago | Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL. |
| CVE-2015-1985 | medium | 5.6 | 5.6 | | | ibm | 11y ago | The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file. |
| CVE-2015-1971 | medium | 4.3 | 4.3 | | | ibm | 11y ago | Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Mana… |
| CVE-2015-7452 | medium | 4.3 | 4.3 | | | ibm | 11y ago | IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow r… |
| CVE-2015-7438 | medium | 4.7 | 4.7 | | | ibm | 11y ago | IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access. |
| CVE-2015-7437 | medium | 5.5 | 5.5 | | | ibm | 11y ago | Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors. |
| CVE-2015-7436 | low | 2.5 | 2.5 | | | ibm | 11y ago | IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos… |
| CVE-2015-7435 | low | 2.5 | 2.5 | | | ibm | 11y ago | IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos… |
| CVE-2015-7431 | medium | 6.1 | 6.1 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2015-7426 | critical | 10.0 | 10.0 | | | ibm | 11y ago | The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 a… |
| CVE-2015-7422 | medium | 5.5 | 6.5 | EXP | | ibm | 11y ago | Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors. |
| CVE-2015-7416 | medium | 4.0 | 4.0 | | | ibm | 11y ago | AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file. |
| CVE-2015-7407 | high | 8.8 | 8.8 | | | ibm | 11y ago | Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequ… |
| CVE-2015-7403 | medium | 4.0 | 4.0 | | | ibm | 11y ago | IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect poin… |
| CVE-2015-7400 | high | 7.7 | 7.7 | | | ibm | 11y ago | The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an… |
| CVE-2015-7396 | medium | 5.4 | 5.4 | | | ibm | 11y ago | The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Con… |
| CVE-2015-2023 | high | 8.8 | 9.8 | EXP | | ibm | 11y ago | Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors. |
| CVE-2015-1928 | medium | 6.8 | 6.8 | | | ibm | 11y ago | Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (R… |
| CVE-2015-7451 | medium | 5.4 | 5.4 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6… |
| CVE-2015-7442 | high | 7.0 | 7.0 | | | ibm | 11y ago | consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse p… |
| CVE-2015-7429 | high | 8.5 | 8.5 | | | ibm | 11y ago | The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and… |
| CVE-2015-7402 | medium | 5.4 | 5.4 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2015-5020 | medium | 4.3 | 4.3 | | | ibm | 11y ago | The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecifi… |
| CVE-2015-4996 | medium | 5.1 | 5.1 | | | ibm | 11y ago | IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors. |
| CVE-2015-4990 | medium | 4.0 | 4.0 | | | ibm | 11y ago | The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.… |
| CVE-2015-4989 | low | 3.7 | 3.7 | | | ibm | 11y ago | The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.… |
| CVE-2015-7456 | medium | 6.5 | 6.5 | | | ibm | 11y ago | IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors. |
| CVE-2015-7409 | medium | 5.4 | 5.4 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field. |
| CVE-2015-7445 | medium | 4.3 | 4.3 | | | ibm | 11y ago | IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive … |
| CVE-2015-7421 | low | 3.7 | 3.7 | | | ibm | 11y ago | Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420. |
| CVE-2015-7420 | low | 3.7 | 3.7 | | | ibm | 11y ago | Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421. |
| CVE-2015-7415 | medium | 5.4 | 5.4 | | | ibm | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web sc… |
| CVE-2015-7410 | high | 7.4 | 7.4 | | | ibm | 11y ago | The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or … |
| CVE-2015-5049 | medium | 5.4 | 5.4 | | | ibm | 11y ago | SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecif… |
| CVE-2015-4943 | medium | 5.3 | 5.3 | | | ibm | 11y ago | IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-20… |
| CVE-2015-4941 | medium | 5.3 | 5.3 | | | ibm | 11y ago | IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors. |
| CVE-2015-7489 | high | 7.8 | 7.8 | | | ibm | 11y ago | IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script. |
| CVE-2015-7441 | medium | 6.8 | 6.8 | | | ibm | 11y ago | Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 … |
| CVE-2015-1947 | high | 7.4 | 7.4 | | | ibm | 11y ago | Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is… |
| CVE-2015-7447 | medium | 5.3 | 5.3 | | | ibm | 11y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Po… |
| CVE-2015-7413 | medium | — | 4.3 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |