| CVE-2026-7365 |
high |
7.8 |
7.8 |
|
|
ibm |
8d ago |
IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords from the manufacturing process for use during the installation process, w… |
| CVE-2026-6938 |
high |
7.5 |
7.5 |
|
linux-kernel |
ibm |
8d ago |
IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query. |
| CVE-2026-6052 |
high |
7.5 |
7.5 |
|
linux-kernel |
ibm |
8d ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables. |
| CVE-2026-6051 |
high |
7.5 |
7.5 |
|
linux-kernel |
ibm |
8d ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap. |
| CVE-2026-5065 |
high |
8.8 |
8.8 |
|
|
ibm |
8d ago |
IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to… |
| CVE-2026-4410 |
high |
7.5 |
7.5 |
|
|
ibm |
8d ago |
IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, … |
| CVE-2026-3623 |
high |
7.8 |
7.8 |
|
|
ibm |
8d ago |
IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker c… |
| CVE-2026-3366 |
high |
7.5 |
7.5 |
|
|
ibm |
8d ago |
IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, 1.0.2.7 could allow a remote attacker to traverse directories on the system. An… |
| CVE-2026-1718 |
high |
7.5 |
7.5 |
|
linux-kernel |
ibm |
8d ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled. |
| CVE-2025-3633 |
high |
8.2 |
8.2 |
|
|
ibm |
8d ago |
IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to … |
| CVE-2026-3603 |
high |
7.1 |
7.1 |
|
|
ibm |
8d ago |
IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML exter… |
| CVE-2026-8854 |
high |
7.5 |
7.5 |
|
linux-kernel |
ibm |
8d ago |
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache. |
| CVE-2026-8835 |
high |
7.3 |
7.3 |
|
linux-kernel |
ibm |
8d ago |
IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive informat… |
| CVE-2026-8834 |
high |
8.0 |
8.0 |
|
linux-kernel |
ibm |
8d ago |
IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause … |
| CVE-2026-4051 |
high |
7.2 |
7.2 |
|
|
ibm |
8d ago |
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to an exposed method that is not properly restricted. |
| CVE-2026-8852 |
high |
7.5 |
7.5 |
|
linux-kernel |
ibm |
8d ago |
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi. |
| CVE-2026-8850 |
high |
7.5 |
7.5 |
|
linux-kernel |
ibm |
8d ago |
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload. |
| CVE-2025-36221 |
high |
7.5 |
7.5 |
|
|
ibm |
8d ago |
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords from the manufacturing process for use during the inst… |
| CVE-2026-8620 |
high |
7.5 |
7.5 |
|
|
ibm |
8d ago |
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggl… |
| CVE-2026-8855 |
high |
8.1 |
8.1 |
|
linux-kernel |
ibm |
8d ago |
IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication). |
| CVE-2025-36126 |
high |
7.6 |
7.6 |
|
|
ibm |
8d ago |
IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Administration. This vulnerability allows… |
| CVE-2026-6389 |
high |
7.8 |
7.8 |
|
|
ibm |
1mo ago |
IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An a… |
| CVE-2025-36180 |
high |
7.5 |
7.5 |
|
|
ibm |
1mo ago |
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions. |
| CVE-2025-36074 |
high |
7.2 |
7.2 |
|
|
ibm |
1mo ago |
IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could uploa… |
| CVE-2017-1757 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in … |
| CVE-2017-1746 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from … |
| CVE-2017-1696 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to… |
| CVE-2017-1694 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Integration Bus 9.0 and 10.0 transmits user credentials in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165. |
| CVE-2017-1631 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from … |
| CVE-2017-1598 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611. |
| CVE-2017-1270 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cooki… |
| CVE-2017-1261 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736. |
| CVE-2017-1716 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638. |
| CVE-2017-1635 |
high |
8.0 |
8.0 |
|
|
ibm |
9y ago |
IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute… |
| CVE-2017-1760 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454. |
| CVE-2017-1606 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allo… |
| CVE-2017-1497 |
low |
3.7 |
3.7 |
|
|
ibm |
9y ago |
IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695. |
| CVE-2017-1356 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or del… |
| CVE-2017-1355 |
low |
3.7 |
3.7 |
|
|
ibm |
9y ago |
IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, … |
| CVE-2017-1353 |
low |
3.5 |
3.5 |
|
|
ibm |
9y ago |
IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 12668… |
| CVE-2017-1341 |
low |
3.7 |
3.7 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. |
| CVE-2017-1271 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption o… |
| CVE-2017-1300 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w… |
| CVE-2017-1228 |
low |
3.7 |
3.7 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An a… |
| CVE-2017-1583 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13) could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. |
| CVE-2017-1523 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892. |
| CVE-2017-1375 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:… |
| CVE-2017-1211 |
low |
2.5 |
2.5 |
|
|
ibm |
9y ago |
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851. |
| CVE-2017-1210 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850. |
| CVE-2017-1378 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to VMware vCenter in the application trace output which could be obtained by a local user. I… |
| CVE-2017-1201 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676. |
| CVE-2017-1569 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779. |
| CVE-2017-1311 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete inf… |
| CVE-2017-1577 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences … |
| CVE-2017-1483 |
high |
8.6 |
8.6 |
|
|
ibm |
9y ago |
IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID… |
| CVE-2017-1407 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacke… |
| CVE-2017-1539 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LD… |
| CVE-2017-1527 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sen… |
| CVE-2017-1362 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 126801. |
| CVE-2017-1346 |
low |
2.5 |
2.5 |
|
|
ibm |
9y ago |
IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 1264… |
| CVE-2015-0162 |
high |
7.0 |
7.0 |
|
|
ibm |
9y ago |
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. |
| CVE-2014-6106 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site… |
| CVE-2017-1520 |
low |
3.7 |
3.7 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830. |
| CVE-2017-1452 |
high |
7.8 |
7.8 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180. |
| CVE-2017-1451 |
high |
7.8 |
7.8 |
|
linux-kernel |
ibm |
9y ago |
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178. |
| CVE-2017-1162 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957. |
| CVE-2017-1491 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authen… |
| CVE-2017-1458 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM QRadar Network Security 5.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive informat… |
| CVE-2017-1097 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions tra… |
| CVE-2017-1442 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the web… |
| CVE-2017-1440 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote sys… |
| CVE-2016-2978 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. IBM X-Force ID: 113938. |
| CVE-2016-2974 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the loc… |
| CVE-2016-2972 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855. |
| CVE-2015-0114 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1. |
| CVE-2014-8900 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. |
| CVE-2017-1422 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412. |
| CVE-2017-1469 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468. |
| CVE-2017-1192 |
high |
8.2 |
8.2 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive … |
| CVE-2017-1174 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … |
| CVE-2014-8903 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. |
| CVE-2017-1468 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128467. |
| CVE-2017-1467 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466. |
| CVE-2017-1118 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow an attacker to cause the MQIPT to stop responding due to an incorrectly configured security policy. IBM X-Force ID: 121156. |
| CVE-2016-9981 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257. |
| CVE-2017-1227 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager could allow an unauthorized user to consume all resources and crash the system. IBM X-Force ID: 123906. |
| CVE-2016-9716 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions t… |
| CVE-2016-9714 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized act… |
| CVE-2017-1382 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker c… |
| CVE-2017-1381 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain sensitive information, caused by stale data being cached and then… |
| CVE-2017-1373 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force … |
| CVE-2017-1371 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access… |
| CVE-2017-1267 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742. |
| CVE-2017-1309 |
high |
7.8 |
7.8 |
|
|
ibm |
9y ago |
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 125463. |
| CVE-2017-1224 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903. |
| CVE-2017-1218 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IB… |
| CVE-2017-1318 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. |
| CVE-2017-1183 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-For… |
| CVE-2017-1182 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server communications, HTTP, are being used. I… |
| CVE-2017-1181 |
high |
7.0 |
7.0 |
|
|
ibm |
9y ago |
IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID… |