| CVE-2016-3014 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5… |
| CVE-2016-3004 |
medium |
4.6 |
4.6 |
|
|
ibm |
10y ago |
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary use… |
| CVE-2016-2963 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequence… |
| CVE-2016-2958 |
medium |
4.3 |
4.3 |
|
|
ibm |
10y ago |
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response. |
| CVE-2016-2957 |
medium |
4.3 |
4.3 |
|
|
ibm |
10y ago |
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response. |
| CVE-2016-2950 |
medium |
6.5 |
6.5 |
|
|
ibm |
10y ago |
SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2016-2948 |
high |
7.8 |
7.8 |
|
|
ibm |
10y ago |
IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. |
| CVE-2016-2944 |
critical |
9.8 |
9.8 |
|
|
ibm |
10y ago |
IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. |
| CVE-2016-2940 |
medium |
5.3 |
5.3 |
|
|
ibm |
10y ago |
Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2016-2937 |
medium |
6.5 |
6.5 |
|
|
ibm |
10y ago |
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerabil… |
| CVE-2016-2936 |
high |
7.3 |
7.3 |
|
|
ibm |
10y ago |
IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. |
| CVE-2016-2935 |
medium |
5.3 |
5.3 |
|
|
ibm |
10y ago |
The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request. |
| CVE-2016-2934 |
medium |
6.1 |
6.1 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-2933 |
medium |
6.8 |
6.8 |
|
|
ibm |
10y ago |
Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request. |
| CVE-2016-2932 |
medium |
5.3 |
5.3 |
|
|
ibm |
10y ago |
IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors. |
| CVE-2016-2931 |
medium |
5.3 |
5.3 |
|
|
ibm |
10y ago |
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network. |
| CVE-2016-2929 |
high |
8.1 |
8.1 |
|
|
ibm |
10y ago |
IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach. |
| CVE-2016-2928 |
medium |
4.3 |
4.3 |
|
|
ibm |
10y ago |
IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs. |
| CVE-2016-2927 |
medium |
5.9 |
5.9 |
|
|
ibm |
10y ago |
IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms … |
| CVE-2016-2926 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 … |
| CVE-2016-0319 |
high |
7.5 |
7.5 |
|
|
ibm |
10y ago |
The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of… |
| CVE-2016-0318 |
medium |
5.0 |
5.0 |
|
|
ibm |
10y ago |
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by lev… |
| CVE-2016-0317 |
medium |
6.5 |
6.5 |
|
|
ibm |
10y ago |
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors. |
| CVE-2016-0316 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to… |
| CVE-2016-5991 |
medium |
4.5 |
4.5 |
|
|
ibm |
10y ago |
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors. |
| CVE-2016-5981 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace (Application Engine) through 4.0.2.14-P8AE-IF001, when RegExpSecurityFilter and S… |
| CVE-2016-5968 |
medium |
5.3 |
5.3 |
|
|
ibm |
10y ago |
The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1… |
| CVE-2016-5967 |
medium |
5.5 |
5.5 |
|
|
ibm |
10y ago |
The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs. |
| CVE-2016-5955 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-3028 |
critical |
9.1 |
9.1 |
|
|
ibm |
10y ago |
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leve… |
| CVE-2016-3025 |
high |
8.1 |
8.1 |
|
|
ibm |
10y ago |
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attac… |
| CVE-2016-2988 |
high |
8.5 |
8.5 |
|
|
ibm |
10y ago |
IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated … |
| CVE-2016-2986 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6… |
| CVE-2016-2985 |
high |
7.0 |
7.0 |
|
|
ibm |
10y ago |
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via craf… |
| CVE-2016-2984 |
high |
7.0 |
7.0 |
|
|
ibm |
10y ago |
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via craf… |
| CVE-2016-2996 |
medium |
6.5 |
6.5 |
|
|
ibm |
10y ago |
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors. |
| CVE-2016-2864 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rationa… |
| CVE-2016-0325 |
medium |
6.3 |
6.3 |
|
|
ibm |
10y ago |
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 … |
| CVE-2016-0285 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rationa… |
| CVE-2016-0284 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 … |
| CVE-2016-0282 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYHAAHNUS. |
| CVE-2016-0273 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rationa… |
| CVE-2016-5920 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users … |
| CVE-2016-3060 |
medium |
5.7 |
5.7 |
|
|
ibm |
10y ago |
Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote aut… |
| CVE-2016-0377 |
medium |
4.3 |
4.3 |
|
|
ibm |
10y ago |
The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authentica… |
| CVE-2016-0328 |
high |
7.8 |
7.8 |
|
|
ibm |
10y ago |
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execu… |
| CVE-2016-0326 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote auth… |
| CVE-2016-0247 |
high |
7.8 |
7.8 |
|
|
ibm |
10y ago |
IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstr… |
| CVE-2016-0246 |
medium |
6.1 |
6.1 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web scrip… |
| CVE-2016-0242 |
medium |
4.3 |
4.3 |
|
|
ibm |
10y ago |
IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message. |
| CVE-2016-0241 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by se… |
| CVE-2016-0239 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges v… |
| CVE-2016-0236 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with ro… |
| CVE-2016-0249 |
high |
8.6 |
8.6 |
|
|
ibm |
10y ago |
SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbit… |
| CVE-2016-0204 |
medium |
6.8 |
6.8 |
|
|
ibm |
10y ago |
Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified ve… |
| CVE-2016-3056 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users… |
| CVE-2016-6027 |
medium |
6.1 |
6.1 |
|
|
ibm |
10y ago |
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remot… |
| CVE-2016-6026 |
medium |
5.3 |
5.3 |
|
|
ibm |
10y ago |
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP… |
| CVE-2016-6025 |
medium |
5.9 |
5.9 |
|
|
ibm |
10y ago |
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstati… |
| CVE-2016-6023 |
high |
7.5 |
7.5 |
|
|
ibm |
10y ago |
Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary… |
| CVE-2016-5983 |
high |
7.5 |
7.5 |
|
|
ibm |
10y ago |
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbi… |
| CVE-2016-5901 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbi… |
| CVE-2016-5892 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated … |
| CVE-2016-5995 |
high |
7.3 |
7.3 |
|
linux-kernel |
ibm |
10y ago |
Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse libra… |
| CVE-2016-5986 |
high |
7.5 |
7.5 |
|
|
ibm |
10y ago |
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote a… |
| CVE-2016-3042 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via v… |
| CVE-2016-5997 |
medium |
6.5 |
6.5 |
|
|
ibm |
10y ago |
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.122… |
| CVE-2016-5996 |
high |
7.5 |
7.5 |
|
|
ibm |
10y ago |
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.122… |
| CVE-2016-5978 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9… |
| CVE-2016-5977 |
medium |
6.8 |
6.8 |
|
|
ibm |
10y ago |
Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0… |
| CVE-2016-5976 |
medium |
4.9 |
4.9 |
|
|
ibm |
10y ago |
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.122… |
| CVE-2016-5975 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9… |
| CVE-2016-5974 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary… |
| CVE-2016-5972 |
medium |
6.8 |
6.8 |
|
|
ibm |
10y ago |
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive in… |
| CVE-2016-5971 |
high |
7.1 |
7.1 |
|
|
ibm |
10y ago |
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via… |
| CVE-2016-5970 |
medium |
6.5 |
6.5 |
|
|
ibm |
10y ago |
Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot do… |
| CVE-2016-5963 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspe… |
| CVE-2016-5957 |
high |
7.5 |
7.5 |
|
|
ibm |
10y ago |
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by lever… |
| CVE-2016-5947 |
medium |
5.7 |
5.7 |
|
|
ibm |
10y ago |
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. |
| CVE-2016-5946 |
medium |
6.5 |
6.5 |
|
|
ibm |
10y ago |
Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. (dot dot… |
| CVE-2016-5945 |
medium |
4.3 |
4.3 |
|
|
ibm |
10y ago |
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request. |
| CVE-2016-5944 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary … |
| CVE-2016-5943 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properti… |
| CVE-2016-3040 |
medium |
6.8 |
6.8 |
|
|
ibm |
10y ago |
IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users… |
| CVE-2016-3007 |
high |
8.8 |
8.8 |
|
|
ibm |
10y ago |
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary … |
| CVE-2016-3006 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or H… |
| CVE-2016-3003 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or H… |
| CVE-2016-3001 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or H… |
| CVE-2016-3000 |
medium |
4.3 |
4.3 |
|
|
ibm |
10y ago |
The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL. |
| CVE-2016-2999 |
medium |
6.5 |
6.5 |
|
|
ibm |
10y ago |
IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack. |
| CVE-2016-5954 |
medium |
6.5 |
6.5 |
|
|
ibm |
10y ago |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a… |
| CVE-2016-5927 |
medium |
5.5 |
5.5 |
|
|
ibm |
10y ago |
IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is config… |
| CVE-2016-0331 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remo… |
| CVE-2016-3010 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary we… |
| CVE-2016-3008 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified ve… |
| CVE-2016-3005 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary we… |
| CVE-2016-2997 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary we… |
| CVE-2016-2995 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary we… |
| CVE-2016-2956 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified ve… |
| CVE-2016-2954 |
medium |
5.4 |
5.4 |
|
|
ibm |
10y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified ve… |
