| CVE-2015-5002 |
medium |
6.1 |
6.1 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 through 11.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2015-4959 |
medium |
6.1 |
6.1 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2015-4942 |
medium |
5.3 |
5.3 |
|
|
ibm |
11y ago |
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-20… |
| CVE-2015-7469 |
medium |
4.3 |
4.3 |
|
|
ibm |
11y ago |
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restr… |
| CVE-2015-7468 |
medium |
4.3 |
4.3 |
|
|
ibm |
11y ago |
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on… |
| CVE-2015-7467 |
medium |
5.4 |
5.4 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authentica… |
| CVE-2015-7414 |
medium |
5.4 |
5.4 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4… |
| CVE-2015-4960 |
medium |
4.1 |
4.1 |
|
|
ibm |
11y ago |
IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct… |
| CVE-2015-7399 |
medium |
5.3 |
5.3 |
|
|
ibm |
11y ago |
IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTT… |
| CVE-2015-5051 |
medium |
4.3 |
4.3 |
|
|
ibm |
11y ago |
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow r… |
| CVE-2015-5037 |
medium |
5.4 |
5.4 |
|
|
ibm |
11y ago |
Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentic… |
| CVE-2015-5036 |
medium |
5.4 |
5.4 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script… |
| CVE-2015-5035 |
medium |
5.4 |
5.4 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script… |
| CVE-2015-5023 |
medium |
5.4 |
5.4 |
|
|
ibm |
11y ago |
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2015-5017 |
medium |
5.4 |
5.4 |
|
|
ibm |
11y ago |
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2… |
| CVE-2015-2007 |
medium |
5.0 |
5.0 |
|
|
ibm |
11y ago |
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL. |
| CVE-2015-1985 |
medium |
5.6 |
5.6 |
|
|
ibm |
11y ago |
The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file. |
| CVE-2015-1971 |
medium |
4.3 |
4.3 |
|
|
ibm |
11y ago |
Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Mana… |
| CVE-2015-7452 |
medium |
4.3 |
4.3 |
|
|
ibm |
11y ago |
IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow r… |
| CVE-2015-7438 |
medium |
4.7 |
4.7 |
|
|
ibm |
11y ago |
IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access. |
| CVE-2015-7437 |
medium |
5.5 |
5.5 |
|
|
ibm |
11y ago |
Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors. |
| CVE-2015-7431 |
medium |
6.1 |
6.1 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2015-7426 |
critical |
10.0 |
10.0 |
|
|
ibm |
11y ago |
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 a… |
| CVE-2015-7422 |
medium |
5.5 |
6.5 |
EXP |
|
ibm |
11y ago |
Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors. |
| CVE-2015-7416 |
medium |
4.0 |
4.0 |
|
|
ibm |
11y ago |
AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file. |
| CVE-2015-7403 |
medium |
4.0 |
4.0 |
|
|
ibm |
11y ago |
IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect poin… |
| CVE-2015-7396 |
medium |
5.4 |
5.4 |
|
|
ibm |
11y ago |
The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Con… |
| CVE-2015-1928 |
medium |
6.8 |
6.8 |
|
|
ibm |
11y ago |
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (R… |
| CVE-2015-7451 |
medium |
5.4 |
5.4 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6… |
| CVE-2015-7402 |
medium |
5.4 |
5.4 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2015-5020 |
medium |
4.3 |
4.3 |
|
|
ibm |
11y ago |
The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecifi… |
| CVE-2015-4996 |
medium |
5.1 |
5.1 |
|
|
ibm |
11y ago |
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors. |
| CVE-2015-4990 |
medium |
4.0 |
4.0 |
|
|
ibm |
11y ago |
The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.… |
| CVE-2015-7456 |
medium |
6.5 |
6.5 |
|
|
ibm |
11y ago |
IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors. |
| CVE-2015-7409 |
medium |
5.4 |
5.4 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field. |
| CVE-2015-7445 |
medium |
4.3 |
4.3 |
|
|
ibm |
11y ago |
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive … |
| CVE-2015-7415 |
medium |
5.4 |
5.4 |
|
|
ibm |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web sc… |
| CVE-2015-5049 |
medium |
5.4 |
5.4 |
|
|
ibm |
11y ago |
SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecif… |
| CVE-2015-4943 |
medium |
5.3 |
5.3 |
|
|
ibm |
11y ago |
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-20… |
| CVE-2015-4941 |
medium |
5.3 |
5.3 |
|
|
ibm |
11y ago |
IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors. |
| CVE-2015-7441 |
medium |
6.8 |
6.8 |
|
|
ibm |
11y ago |
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 … |
| CVE-2015-7447 |
medium |
5.3 |
5.3 |
|
|
ibm |
11y ago |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Po… |
| CVE-2015-7413 |
medium |
— |
4.3 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2015-5001 |
medium |
4.3 |
4.3 |
|
|
ibm |
11y ago |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a … |
| CVE-2015-4998 |
medium |
6.1 |
6.1 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 a… |
| CVE-2015-4993 |
medium |
6.1 |
6.1 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 a… |
| CVE-2015-5004 |
medium |
— |
4.0 |
|
|
ibm |
11y ago |
The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain… |
| CVE-2015-7427 |
medium |
— |
5.0 |
|
|
ibm |
11y ago |
IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspe… |
| CVE-2015-7819 |
medium |
— |
5.0 |
|
|
lenovo, ibm |
11y ago |
The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a… |
| CVE-2015-5019 |
medium |
— |
5.5 |
|
|
ibm |
11y ago |
IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement. |
| CVE-2015-5015 |
medium |
— |
5.0 |
|
|
ibm |
11y ago |
IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL. |
| CVE-2015-4966 |
medium |
— |
6.5 |
|
|
ibm |
11y ago |
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFI… |
| CVE-2015-4928 |
medium |
— |
4.3 |
|
|
apache, ibm |
11y ago |
Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive infor… |
| CVE-2015-2017 |
medium |
— |
4.3 |
|
|
ibm |
11y ago |
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitra… |
| CVE-2015-1999 |
medium |
— |
5.0 |
|
|
ibm |
11y ago |
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs… |
| CVE-2015-1997 |
medium |
— |
6.8 |
|
|
ibm |
11y ago |
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for req… |
| CVE-2015-1995 |
medium |
— |
4.3 |
|
|
ibm |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted UR… |
| CVE-2015-1994 |
medium |
— |
5.0 |
|
|
ibm |
11y ago |
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtai… |
| CVE-2015-1993 |
medium |
— |
5.0 |
|
|
ibm |
11y ago |
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these… |
| CVE-2015-1989 |
medium |
— |
6.5 |
|
|
ibm |
11y ago |
SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2015-7395 |
medium |
— |
4.0 |
|
|
ibm |
11y ago |
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 F… |
| CVE-2015-5021 |
medium |
— |
5.5 |
|
|
ibm |
11y ago |
IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors. |
| CVE-2015-4997 |
medium |
— |
6.8 |
|
|
ibm |
11y ago |
IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request. |
| CVE-2014-8912 |
medium |
— |
5.0 |
|
|
ibm |
11y ago |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which … |
| CVE-2015-5014 |
critical |
— |
9.3 |
|
|
ibm |
11y ago |
IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation. |
| CVE-2015-4929 |
medium |
— |
4.0 |
|
|
ibm |
11y ago |
IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive i… |
| CVE-2015-5024 |
medium |
— |
4.0 |
|
|
ibm |
11y ago |
IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 10.0.2.3, 10.0.2.5 before iFix4, 10.0.2.6 before iFix8, 10.0.2.7 before iFix1, and 10.0.4.x before iFix2 allows remote authenticat… |
| CVE-2015-5022 |
medium |
— |
4.3 |
|
|
ibm |
11y ago |
IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a p… |
| CVE-2015-4973 |
medium |
— |
4.3 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2 allows remote attackers t… |
| CVE-2015-4967 |
medium |
— |
6.5 |
|
|
ibm |
11y ago |
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 a… |
| CVE-2015-4965 |
medium |
— |
4.0 |
|
|
ibm |
11y ago |
maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x b… |
| CVE-2015-4964 |
medium |
— |
6.0 |
|
|
ibm |
11y ago |
IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by… |
| CVE-2015-4939 |
medium |
— |
4.3 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0… |
| CVE-2015-4930 |
critical |
— |
9.0 |
|
|
ibm |
11y ago |
IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access. |
| CVE-2015-2030 |
medium |
— |
5.0 |
|
|
ibm |
11y ago |
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack. |
| CVE-2015-2029 |
medium |
— |
4.3 |
|
|
ibm |
11y ago |
Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier. |
| CVE-2015-2028 |
medium |
— |
4.3 |
|
|
ibm |
11y ago |
CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting … |
| CVE-2015-2026 |
medium |
— |
6.0 |
|
|
ibm |
11y ago |
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrar… |
| CVE-2015-2025 |
medium |
— |
4.3 |
|
|
ibm |
11y ago |
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to captur… |
| CVE-2015-2016 |
critical |
— |
9.0 |
|
|
ibm |
11y ago |
Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unkno… |
| CVE-2015-2011 |
critical |
— |
9.0 |
|
|
ibm |
11y ago |
The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via un… |
| CVE-2015-1934 |
medium |
— |
5.0 |
|
|
ibm |
11y ago |
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001… |
| CVE-2015-0195 |
medium |
— |
4.3 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject … |
| CVE-2015-0145 |
medium |
— |
6.8 |
|
|
ibm |
11y ago |
Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack … |
| CVE-2015-0143 |
medium |
— |
4.0 |
|
|
ibm |
11y ago |
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages. |
| CVE-2015-0142 |
medium |
— |
4.0 |
|
|
ibm |
11y ago |
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and… |
| CVE-2015-0141 |
medium |
— |
4.0 |
|
|
ibm |
11y ago |
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request. |
| CVE-2015-4947 |
critical |
— |
9.0 |
|
|
ibm |
11y ago |
Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere … |
| CVE-2015-4980 |
medium |
— |
4.0 |
|
|
ibm |
11y ago |
Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors. |
| CVE-2015-2013 |
medium |
— |
5.0 |
|
|
ibm |
11y ago |
IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call. |
| CVE-2015-4950 |
medium |
— |
4.0 |
|
|
ibm |
11y ago |
The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; T… |
| CVE-2015-2015 |
medium |
— |
4.3 |
|
|
ibm |
11y ago |
Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a… |
| CVE-2015-2014 |
medium |
— |
5.8 |
|
|
ibm |
11y ago |
Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing att… |
| CVE-2015-4938 |
medium |
— |
5.0 |
|
|
ibm |
11y ago |
IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vector… |
| CVE-2015-1932 |
medium |
— |
5.0 |
|
|
ibm |
11y ago |
IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sens… |
| CVE-2015-4936 |
medium |
— |
5.0 |
|
|
ibm |
11y ago |
Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via unknown vectors. |
| CVE-2015-4935 |
critical |
— |
10.0 |
|
|
ibm |
11y ago |
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability … |
| CVE-2015-4934 |
critical |
— |
10.0 |
|
|
ibm |
11y ago |
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability … |
| CVE-2015-4933 |
critical |
— |
10.0 |
|
|
ibm |
11y ago |
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability … |
| CVE-2015-4932 |
critical |
— |
10.0 |
|
|
ibm |
11y ago |
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability … |