| CVE-2026-1248 |
medium |
4.3 |
4.3 |
|
|
ibm |
8d ago |
IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages. |
| CVE-2026-7876 |
critical |
9.1 |
9.1 |
|
|
ibm |
8d ago |
IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 |
| CVE-2024-28765 |
medium |
5.3 |
5.3 |
|
|
ibm |
8d ago |
IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message … |
| CVE-2026-8405 |
medium |
6.5 |
6.5 |
|
|
ibm |
8d ago |
IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode. |
| CVE-2026-6936 |
medium |
6.5 |
6.5 |
|
|
ibm |
8d ago |
IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit th… |
| CVE-2026-6053 |
medium |
5.5 |
5.5 |
|
linux-kernel |
ibm |
8d ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables. |
| CVE-2026-5516 |
medium |
4.4 |
4.4 |
|
|
ibm |
8d ago |
IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting … |
| CVE-2026-5515 |
medium |
5.5 |
5.5 |
|
|
ibm |
8d ago |
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user. |
| CVE-2026-3676 |
medium |
6.5 |
6.5 |
|
|
ibm |
8d ago |
IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of se… |
| CVE-2026-3660 |
critical |
9.8 |
9.8 |
|
|
ibm |
9d ago |
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the ap… |
| CVE-2026-9170 |
critical |
9.8 |
9.8 |
|
|
ibm |
9d ago |
IBM HTTP Server 8.5, and 9.0 |
| CVE-2026-8633 |
critical |
9.8 |
9.8 |
|
|
ibm |
9d ago |
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code executi… |
| CVE-2025-36220 |
critical |
9.8 |
9.8 |
|
|
ibm |
9d ago |
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, … |
| CVE-2025-36145 |
medium |
5.3 |
5.3 |
|
|
ibm |
9d ago |
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions. |
| CVE-2025-14290 |
medium |
5.4 |
5.4 |
|
|
ibm |
9d ago |
IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). Th… |
| CVE-2025-13755 |
medium |
5.5 |
5.5 |
|
|
ibm |
9d ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local … |
| CVE-2026-8856 |
critical |
9.1 |
9.1 |
|
linux-kernel |
ibm |
9d ago |
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration. |
| CVE-2025-36148 |
medium |
6.1 |
6.1 |
|
|
ibm |
9d ago |
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allo… |
| CVE-2026-1577 |
medium |
6.5 |
6.5 |
|
|
ibm |
1mo ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutr… |
| CVE-2025-36335 |
medium |
5.5 |
5.5 |
|
|
ibm |
1mo ago |
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user. |
| CVE-2025-36122 |
medium |
6.5 |
6.5 |
|
|
ibm |
1mo ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially cra… |
| CVE-2025-14688 |
medium |
5.3 |
5.3 |
|
|
ibm |
1mo ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutr… |
| CVE-2026-5935 |
critical |
9.8 |
9.8 |
|
|
ibm |
1mo ago |
IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due … |
| CVE-2026-5926 |
medium |
6.5 |
6.5 |
|
|
ibm |
1mo ago |
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Acce… |
| CVE-2026-3621 |
medium |
5.9 |
5.9 |
|
|
ibm |
1mo ago |
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deploy… |
| CVE-2025-13702 |
medium |
5.4 |
5.4 |
|
linux-kernel |
ibm |
3mo ago |
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary J… |
| CVE-2025-36173 |
medium |
6.1 |
6.1 |
|
|
ibm |
3mo ago |
Affected Product(s)Version(s)InfoSphere Data Architect9.2.1 |
| CVE-2025-36105 |
medium |
4.4 |
4.4 |
|
|
ibm |
3mo ago |
IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables. |
| CVE-2017-1698 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. |
| CVE-2017-1365 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip… |
| CVE-2017-1191 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 12366… |
| CVE-2017-1751 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering th… |
| CVE-2017-1600 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… |
| CVE-2017-1596 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550. |
| CVE-2017-1595 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549. |
| CVE-2017-1494 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… |
| CVE-2017-1423 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476. |
| CVE-2017-1266 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741. |
| CVE-2017-1262 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split respo… |
| CVE-2017-1257 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684. |
| CVE-2017-1558 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remot… |
| CVE-2017-1546 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend… |
| CVE-2017-1421 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred… |
| CVE-2017-1683 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality … |
| CVE-2017-1632 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia… |
| CVE-2017-1613 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954. |
| CVE-2017-1550 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. IBM X-Force ID: 131290. |
| CVE-2017-1549 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia… |
| CVE-2017-1548 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view… |
| CVE-2017-1536 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI th… |
| CVE-2017-1507 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619. |
| CVE-2017-1498 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin… |
| CVE-2017-1487 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626. |
| CVE-2017-1482 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… |
| CVE-2017-1481 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619. |
| CVE-2017-1465 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit thi… |
| CVE-2017-1433 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803. |
| CVE-2017-1354 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functi… |
| CVE-2017-1342 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. IBM X-Force ID: 126457. |
| CVE-2017-1336 |
medium |
4.4 |
4.4 |
|
|
ibm |
9y ago |
IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244. |
| CVE-2017-1689 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… |
| CVE-2017-1688 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… |
| CVE-2017-1678 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… |
| CVE-2017-1650 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… |
| CVE-2017-1628 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. |
| CVE-2017-1607 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… |
| CVE-2017-1593 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… |
| CVE-2017-1570 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852. |
| CVE-2017-1560 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… |
| CVE-2017-1484 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622. |
| CVE-2017-1461 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… |
| CVE-2017-1283 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IB… |
| CVE-2017-1251 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631. |
| CVE-2017-1240 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359. |
| CVE-2016-6024 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868. |
| CVE-2017-1229 |
medium |
5.9 |
5.9 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacke… |
| CVE-2017-1221 |
critical |
9.8 |
9.8 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force … |
| CVE-2017-1554 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exp… |
| CVE-2017-1553 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… |
| CVE-2017-1552 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to cond… |
| CVE-2017-1340 |
medium |
5.0 |
5.0 |
|
|
ibm |
9y ago |
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455. |
| CVE-2017-1333 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force … |
| CVE-2017-1290 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… |
| CVE-2017-1148 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attack… |
| CVE-2017-1147 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… |
| CVE-2016-3048 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… |
| CVE-2017-1521 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arb… |
| CVE-2017-1232 |
medium |
5.9 |
5.9 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM X-F… |
| CVE-2017-1230 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. This weakness may allow attacke… |
| CVE-2017-1226 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks… |
| CVE-2017-1225 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs v… |
| CVE-2017-1222 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM… |
| CVE-2017-1220 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID… |
| CVE-2017-1363 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… |
| CVE-2017-1295 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157. |
| CVE-2017-1241 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523. |
| CVE-2017-1169 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po… |
| CVE-2017-1164 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin… |
| CVE-2017-1212 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852. |
| CVE-2017-1209 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alter… |
