| CVE-2016-6029 |
medium |
5.9 |
5.9 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.… |
| CVE-2016-6021 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering t… |
| CVE-2017-1431 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali… |
| CVE-2017-1377 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system. IBM X-Force ID: 126874. |
| CVE-2017-1168 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the … |
| CVE-2017-1448 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-craf… |
| CVE-2017-1357 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684. |
| CVE-2016-8949 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-craf… |
| CVE-2016-6121 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the … |
| CVE-2017-1331 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality … |
| CVE-2017-1504 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579. |
| CVE-2017-1327 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… |
| CVE-2017-1199 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We… |
| CVE-2015-0194 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via crafted XML data. |
| CVE-2017-1495 |
medium |
4.9 |
4.9 |
|
|
ibm |
9y ago |
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. IBM X-Force ID… |
| CVE-2017-1383 |
critical |
9.1 |
9.1 |
|
|
ibm |
9y ago |
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to exp… |
| CVE-2017-1500 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web API of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parame… |
| CVE-2017-1496 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… |
| CVE-2017-1386 |
medium |
5.9 |
5.9 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID… |
| CVE-2017-1370 |
medium |
4.9 |
4.9 |
|
|
ibm |
9y ago |
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X… |
| CVE-2017-1332 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… |
| CVE-2017-1303 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alteri… |
| CVE-2016-9719 |
medium |
5.7 |
5.7 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malici… |
| CVE-2016-9718 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We… |
| CVE-2016-9717 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
HTTP Parameter Override is identified in the IBM InfoSphere Master Data Management (MDM) 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated pa… |
| CVE-2016-9715 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI t… |
| CVE-2017-1380 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2017-1287 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker c… |
| CVE-2017-1249 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall… |
| CVE-2017-1245 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in… |
| CVE-2016-8975 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall… |
| CVE-2016-6118 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended … |
| CVE-2017-1381 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain sensitive information, caused by stale data being cached and then… |
| CVE-2017-1374 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867. |
| CVE-2017-1372 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… |
| CVE-2017-1223 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker c… |
| CVE-2017-1219 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information … |
| CVE-2017-1203 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web … |
| CVE-2016-6018 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force … |
| CVE-2017-1308 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force … |
| CVE-2016-8964 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. |
| CVE-2016-8952 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu… |
| CVE-2016-6019 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu… |
| CVE-2017-1321 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… |
| CVE-2017-1285 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages.… |
| CVE-2016-8953 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a re… |
| CVE-2016-8950 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… |
| CVE-2016-8948 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… |
| CVE-2016-8947 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a re… |
| CVE-2016-8946 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… |
| CVE-2016-6114 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… |
| CVE-2017-1398 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a vic… |
| CVE-2017-1284 |
medium |
4.7 |
4.7 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM… |
| CVE-2017-1236 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354. |
| CVE-2017-1253 |
critical |
9.9 |
9.9 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerabilit… |
| CVE-2017-1157 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788. |
| CVE-2017-1144 |
low |
2.5 |
2.5 |
|
|
ibm |
9y ago |
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. |
| CVE-2017-1096 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… |
| CVE-2016-9989 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2016-9988 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2016-9987 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2016-9986 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2016-9700 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528. |
| CVE-2017-1208 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functi… |
| CVE-2017-1207 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM WebSphere Message Broker stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123777. |
| CVE-2017-1176 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299. |
| CVE-2017-1175 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or del… |
| CVE-2017-1113 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… |
| CVE-2016-9746 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… |
| CVE-2016-9733 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… |
| CVE-2016-9701 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote… |
| CVE-2017-1269 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete inform… |
| CVE-2017-1258 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685. |
| CVE-2017-1256 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… |
| CVE-2017-1217 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… |
| CVE-2016-0238 |
low |
3.7 |
3.7 |
|
|
ibm |
9y ago |
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the mi… |
| CVE-2017-1310 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts … |
| CVE-2017-1106 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… |
| CVE-2017-1328 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the API, caused by improper handling of security policy. By crafting a suitable request, an attacker… |
| CVE-2017-1234 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… |
| CVE-2016-9972 |
medium |
5.9 |
5.9 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerabi… |
| CVE-2016-6083 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696. |
| CVE-2017-1349 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525. |
| CVE-2017-1348 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… |
| CVE-2017-1302 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user to view sensitive information due to improper access controls. IBM X-Force ID: 125456. |
| CVE-2017-1193 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow a user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667. |
| CVE-2017-1132 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… |
| CVE-2017-1131 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375. |
| CVE-2016-5893 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336. |
| CVE-2017-1326 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the… |
| CVE-2016-9983 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275. |
| CVE-2016-9982 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274. |
| CVE-2016-9747 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … |
| CVE-2017-1304 |
medium |
6.2 |
6.2 |
|
|
ibm |
9y ago |
IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users appl… |
| CVE-2017-1117 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155. |
| CVE-2017-1197 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672. |
| CVE-2017-1104 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… |
| CVE-2017-1102 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… |
| CVE-2017-1101 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… |
| CVE-2017-1100 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… |