| CVE-2017-1496 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… |
| CVE-2017-1386 |
medium |
5.9 |
5.9 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID… |
| CVE-2017-1370 |
medium |
4.9 |
4.9 |
|
|
ibm |
9y ago |
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X… |
| CVE-2017-1332 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… |
| CVE-2017-1303 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alteri… |
| CVE-2016-9719 |
medium |
5.7 |
5.7 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malici… |
| CVE-2016-9718 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We… |
| CVE-2016-9717 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated pa… |
| CVE-2016-9715 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI t… |
| CVE-2017-1380 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2017-1287 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker c… |
| CVE-2017-1249 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall… |
| CVE-2017-1245 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in… |
| CVE-2016-8975 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall… |
| CVE-2016-6118 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended … |
| CVE-2017-1381 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then… |
| CVE-2017-1374 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867. |
| CVE-2017-1372 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… |
| CVE-2017-1223 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker c… |
| CVE-2017-1219 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information … |
| CVE-2017-1203 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web … |
| CVE-2016-6018 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force … |
| CVE-2017-1308 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force … |
| CVE-2016-8952 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu… |
| CVE-2016-6019 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu… |
| CVE-2017-1321 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… |
| CVE-2017-1285 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages.… |
| CVE-2016-8953 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a re… |
| CVE-2016-8950 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… |
| CVE-2016-8948 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… |
| CVE-2016-8947 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a re… |
| CVE-2016-8946 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… |
| CVE-2016-6114 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… |
| CVE-2017-1398 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a vic… |
| CVE-2017-1284 |
medium |
4.7 |
4.7 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM… |
| CVE-2017-1236 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354 |
| CVE-2017-1157 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788. |
| CVE-2017-1144 |
low |
2.5 |
2.5 |
|
|
ibm |
9y ago |
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. |
| CVE-2017-1096 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… |
| CVE-2016-9989 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2016-9988 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2016-9987 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2016-9986 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2016-9700 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528. |
| CVE-2017-1208 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functi… |
| CVE-2017-1207 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777. |
| CVE-2017-1176 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299. |
| CVE-2017-1113 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… |
| CVE-2016-9746 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… |
| CVE-2016-9733 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… |
| CVE-2016-9701 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote… |
| CVE-2017-1258 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685 |
| CVE-2017-1256 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… |
| CVE-2017-1217 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… |
| CVE-2016-0238 |
low |
3.7 |
3.7 |
|
|
ibm |
9y ago |
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the mi… |
| CVE-2017-1310 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts … |
| CVE-2017-1106 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… |
| CVE-2017-1328 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker… |
| CVE-2017-1234 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… |
| CVE-2016-9972 |
medium |
5.9 |
5.9 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerabi… |
| CVE-2016-6083 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696. |
| CVE-2017-1349 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525. |
| CVE-2017-1348 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… |
| CVE-2017-1302 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. IBM X-Force ID: 125456. |
| CVE-2017-1193 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667. |
| CVE-2017-1132 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… |
| CVE-2017-1131 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375. |
| CVE-2016-5893 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336. |
| CVE-2017-1326 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the… |
| CVE-2016-9983 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275. |
| CVE-2016-9982 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274. |
| CVE-2016-9747 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … |
| CVE-2017-1304 |
medium |
6.2 |
6.2 |
|
|
ibm |
9y ago |
IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users appl… |
| CVE-2017-1117 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155. |
| CVE-2017-1104 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… |
| CVE-2017-1102 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… |
| CVE-2017-1101 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… |
| CVE-2017-1100 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… |
| CVE-2017-1099 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. |
| CVE-2016-9973 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin… |
| CVE-2017-1278 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web brow… |
| CVE-2017-1276 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… |
| CVE-2017-1247 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… |
| CVE-2017-1214 |
medium |
5.7 |
5.7 |
|
|
ibm |
9y ago |
IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854. |
| CVE-2017-1179 |
medium |
5.9 |
5.9 |
|
|
ibm |
9y ago |
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431. |
| CVE-2017-1140 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functional… |
| CVE-2016-9736 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information. |
| CVE-2016-8987 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view. |
| CVE-2014-4843 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information a… |
| CVE-2017-1305 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended … |
| CVE-2017-1178 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2017-1125 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340. |
| CVE-2016-9710 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local syst… |
| CVE-2016-8939 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790. |
| CVE-2016-6089 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926. |
| CVE-2016-5960 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 116171. |
| CVE-2016-5959 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via se… |
| CVE-2016-0254 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker c… |
| CVE-2017-1325 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… |
| CVE-2017-1292 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153. |
