| CVE-2016-6118 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended … |
| CVE-2017-1381 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then… |
| CVE-2017-1374 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867. |
| CVE-2017-1373 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force … |
| CVE-2017-1372 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… |
| CVE-2017-1371 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access… |
| CVE-2017-1267 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742. |
| CVE-2017-1309 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463. |
| CVE-2017-1224 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903. |
| CVE-2017-1223 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker c… |
| CVE-2017-1219 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information … |
| CVE-2017-1218 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IB… |
| CVE-2017-1203 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web … |
| CVE-2016-6018 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force … |
| CVE-2017-1318 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. |
| CVE-2017-1183 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-For… |
| CVE-2017-1182 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. I… |
| CVE-2017-1181 |
high |
7.0 |
7.0 |
|
|
ibm |
9y ago |
IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID… |
| CVE-2017-1308 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force … |
| CVE-2016-8964 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. |
| CVE-2016-8952 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu… |
| CVE-2016-8951 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that co… |
| CVE-2016-6019 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu… |
| CVE-2017-1321 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… |
| CVE-2017-1285 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages.… |
| CVE-2016-8953 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a re… |
| CVE-2016-8950 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… |
| CVE-2016-8948 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… |
| CVE-2016-8947 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a re… |
| CVE-2016-8946 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… |
| CVE-2016-6114 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… |
| CVE-2017-1398 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a vic… |
| CVE-2017-1337 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245. |
| CVE-2017-1284 |
medium |
4.7 |
4.7 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM… |
| CVE-2017-1236 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354 |
| CVE-2017-1264 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 1… |
| CVE-2017-1254 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive inform… |
| CVE-2017-1253 |
critical |
9.9 |
9.9 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerabilit… |
| CVE-2017-1157 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788. |
| CVE-2017-1144 |
low |
2.5 |
2.5 |
|
|
ibm |
9y ago |
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. |
| CVE-2017-1096 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… |
| CVE-2016-9989 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2016-9988 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2016-9987 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2016-9986 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |
| CVE-2016-9700 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528. |
| CVE-2017-1208 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functi… |
| CVE-2017-1207 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777. |
| CVE-2017-1176 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299. |
| CVE-2017-1175 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or del… |
| CVE-2017-1113 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… |
| CVE-2016-9746 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… |
| CVE-2016-9733 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… |
| CVE-2016-9701 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote… |
| CVE-2017-1269 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete inform… |
| CVE-2017-1258 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685 |
| CVE-2017-1256 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… |
| CVE-2017-1217 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… |
| CVE-2016-0238 |
low |
3.7 |
3.7 |
|
|
ibm |
9y ago |
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the mi… |
| CVE-2017-1310 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts … |
| CVE-2017-1106 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… |
| CVE-2017-1328 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker… |
| CVE-2017-1322 |
high |
8.2 |
8.2 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive informat… |
| CVE-2017-1297 |
high |
7.3 |
8.3 |
EXP |
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a loca… |
| CVE-2017-1234 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… |
| CVE-2017-1105 |
high |
7.1 |
7.1 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial o… |
| CVE-2016-9972 |
medium |
5.9 |
5.9 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerabi… |
| CVE-2016-9738 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783. |
| CVE-2016-6083 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696. |
| CVE-2017-1349 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525. |
| CVE-2017-1348 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… |
| CVE-2017-1347 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … |
| CVE-2017-1302 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. IBM X-Force ID: 125456. |
| CVE-2017-1193 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667. |
| CVE-2017-1132 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… |
| CVE-2017-1131 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375. |
| CVE-2016-5893 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336. |
| CVE-2017-1326 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the… |
| CVE-2016-9983 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275. |
| CVE-2016-9982 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274. |
| CVE-2016-9747 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … |
| CVE-2017-1304 |
medium |
6.2 |
6.2 |
|
|
ibm |
9y ago |
IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users appl… |
| CVE-2017-1117 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155. |
| CVE-2017-1379 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002. |
| CVE-2017-1197 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672. |
| CVE-2017-1104 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… |
| CVE-2017-1102 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… |
| CVE-2017-1101 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… |
| CVE-2017-1100 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… |
| CVE-2017-1099 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. |
| CVE-2016-9984 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276. |
| CVE-2016-9973 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin… |
| CVE-2017-1278 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web brow… |
| CVE-2017-1276 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… |
| CVE-2017-1247 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… |
| CVE-2017-1214 |
medium |
5.7 |
5.7 |
|
|
ibm |
9y ago |
IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854. |
| CVE-2017-1319 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731. |
| CVE-2017-1179 |
medium |
5.9 |
5.9 |
|
|
ibm |
9y ago |
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431. |
| CVE-2017-1140 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functional… |
| CVE-2016-9991 |
high |
8.0 |
8.0 |
|
|
ibm |
9y ago |
IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the … |
