| CVE-2026-1248 |
medium |
4.3 |
4.3 |
|
|
ibm |
7d ago |
IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages. |
| CVE-2026-7876 |
critical |
9.1 |
9.1 |
|
|
ibm |
7d ago |
IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 |
| CVE-2026-7365 |
high |
7.8 |
7.8 |
|
|
ibm |
7d ago |
IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords from the manufacturing process for use during the installation process, w… |
| CVE-2024-28765 |
medium |
5.3 |
5.3 |
|
|
ibm |
7d ago |
IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message … |
| CVE-2026-8405 |
medium |
6.5 |
6.5 |
|
|
ibm |
7d ago |
The "Long Term Retention" (LTR) add-on feature of IBM Guardium Data Protection 12.2.1 and 12.2.2 can expose sensitive credentials in debug mode. |
| CVE-2026-6938 |
high |
7.5 |
7.5 |
|
linux-kernel |
ibm |
7d ago |
IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query. |
| CVE-2026-6936 |
medium |
6.5 |
6.5 |
|
|
ibm |
7d ago |
IBM i 7.6, 7.5, 7.4, and 7.3 is vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit th… |
| CVE-2026-6053 |
medium |
5.5 |
5.5 |
|
linux-kernel |
ibm |
7d ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables. |
| CVE-2026-6052 |
high |
7.5 |
7.5 |
|
linux-kernel |
ibm |
7d ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables. |
| CVE-2026-6051 |
high |
7.5 |
7.5 |
|
linux-kernel |
ibm |
7d ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap. |
| CVE-2026-5516 |
medium |
4.4 |
4.4 |
|
|
ibm |
7d ago |
IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting … |
| CVE-2026-5515 |
medium |
5.5 |
5.5 |
|
|
ibm |
7d ago |
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user. |
| CVE-2026-5065 |
high |
8.8 |
8.8 |
|
|
ibm |
7d ago |
IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to… |
| CVE-2026-4410 |
high |
7.5 |
7.5 |
|
|
ibm |
7d ago |
IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, … |
| CVE-2026-3676 |
medium |
6.5 |
6.5 |
|
|
ibm |
7d ago |
IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of se… |
| CVE-2026-3623 |
high |
7.8 |
7.8 |
|
|
ibm |
7d ago |
IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker c… |
| CVE-2026-3366 |
high |
7.5 |
7.5 |
|
|
ibm |
7d ago |
IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, 1.0.2.7 could allow a remote attacker to traverse directories on the system. An… |
| CVE-2026-1718 |
high |
7.5 |
7.5 |
|
linux-kernel |
ibm |
7d ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled. |
| CVE-2025-3633 |
high |
8.2 |
8.2 |
|
|
ibm |
7d ago |
IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to … |
| CVE-2026-3660 |
critical |
9.8 |
9.8 |
|
|
ibm |
8d ago |
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the ap… |
| CVE-2026-3603 |
high |
7.1 |
7.1 |
|
|
ibm |
8d ago |
IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML exter… |
| CVE-2026-8854 |
high |
7.5 |
7.5 |
|
linux-kernel |
ibm |
8d ago |
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache. |
| CVE-2026-8835 |
high |
7.3 |
7.3 |
|
linux-kernel |
ibm |
8d ago |
IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive informat… |
| CVE-2026-8834 |
high |
8.0 |
8.0 |
|
linux-kernel |
ibm |
8d ago |
IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause … |
| CVE-2026-4051 |
high |
7.2 |
7.2 |
|
|
ibm |
8d ago |
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted. |
| CVE-2026-9170 |
critical |
9.8 |
9.8 |
|
|
ibm |
8d ago |
IBM HTTP Server 8.5, and 9.0 |
| CVE-2026-8633 |
critical |
9.8 |
9.8 |
|
|
ibm |
8d ago |
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code executi… |
| CVE-2026-8852 |
high |
7.5 |
7.5 |
|
linux-kernel |
ibm |
8d ago |
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi. |
| CVE-2026-8850 |
high |
7.5 |
7.5 |
|
linux-kernel |
ibm |
8d ago |
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload. |
| CVE-2025-36221 |
high |
7.5 |
7.5 |
|
|
ibm |
8d ago |
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords from the manufacturing process for use during the inst… |
| CVE-2025-36220 |
critical |
9.8 |
9.8 |
|
|
ibm |
8d ago |
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, … |
| CVE-2025-36145 |
medium |
5.3 |
5.3 |
|
|
ibm |
8d ago |
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions. |
| CVE-2025-14290 |
medium |
5.4 |
5.4 |
|
|
ibm |
8d ago |
IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). Th… |
| CVE-2025-13755 |
medium |
5.5 |
5.5 |
|
|
ibm |
8d ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local … |
| CVE-2026-8620 |
high |
7.5 |
7.5 |
|
|
ibm |
8d ago |
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggl… |
| CVE-2026-8855 |
high |
8.1 |
8.1 |
|
linux-kernel |
ibm |
8d ago |
IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication). |
| CVE-2026-8856 |
critical |
9.1 |
9.1 |
|
linux-kernel |
ibm |
8d ago |
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration. |
| CVE-2025-36126 |
high |
7.6 |
7.6 |
|
|
ibm |
8d ago |
IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Administration. This vulnerability allows… |
| CVE-2025-36148 |
medium |
6.1 |
6.1 |
|
|
ibm |
8d ago |
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allo… |
| CVE-2026-6389 |
high |
7.8 |
7.8 |
|
|
ibm |
1mo ago |
IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An a… |
| CVE-2026-1577 |
medium |
6.5 |
6.5 |
|
|
ibm |
1mo ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutr… |
| CVE-2025-36335 |
medium |
5.5 |
5.5 |
|
|
ibm |
1mo ago |
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user. |
| CVE-2025-36180 |
high |
7.5 |
7.5 |
|
|
ibm |
1mo ago |
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions. |
| CVE-2025-36122 |
medium |
6.5 |
6.5 |
|
|
ibm |
1mo ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially cra… |
| CVE-2025-14688 |
medium |
5.3 |
5.3 |
|
|
ibm |
1mo ago |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutr… |
| CVE-2026-5935 |
critical |
9.8 |
9.8 |
|
|
ibm |
1mo ago |
IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due … |
| CVE-2026-5926 |
medium |
6.5 |
6.5 |
|
|
ibm |
1mo ago |
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Acce… |
| CVE-2026-3621 |
medium |
5.9 |
5.9 |
|
|
ibm |
1mo ago |
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deploy… |
| CVE-2025-36074 |
high |
7.2 |
7.2 |
|
|
ibm |
1mo ago |
IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could uploa… |
| CVE-2025-13702 |
medium |
5.4 |
5.4 |
|
linux-kernel |
ibm |
3mo ago |
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary J… |
| CVE-2025-36173 |
medium |
6.1 |
6.1 |
|
|
ibm |
3mo ago |
Affected Product(s): InfoSphere Data Architect. Version(s): 9.2.1 |
| CVE-2025-36105 |
medium |
4.4 |
4.4 |
|
|
ibm |
3mo ago |
IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables. |
| CVE-2017-1698 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. |
| CVE-2017-1365 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip… |
| CVE-2017-1191 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 12366… |
| CVE-2017-1757 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in … |
| CVE-2017-1751 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering th… |
| CVE-2017-1746 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from … |
| CVE-2017-1696 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to… |
| CVE-2017-1694 |
high |
8.1 |
8.1 |
|
|
ibm |
9y ago |
IBM Integration Bus 9.0 and 10.0 transmits user credentials in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165. |
| CVE-2017-1631 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from … |
| CVE-2017-1600 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… |
| CVE-2017-1598 |
high |
7.5 |
7.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611. |
| CVE-2017-1596 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550. |
| CVE-2017-1595 |
medium |
5.5 |
5.5 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549. |
| CVE-2017-1494 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… |
| CVE-2017-1423 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476. |
| CVE-2017-1270 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cooki… |
| CVE-2017-1266 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741. |
| CVE-2017-1262 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split respo… |
| CVE-2017-1261 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736. |
| CVE-2017-1257 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684. |
| CVE-2017-1716 |
low |
3.3 |
3.3 |
|
|
ibm |
9y ago |
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638. |
| CVE-2017-1635 |
high |
8.0 |
8.0 |
|
|
ibm |
9y ago |
IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute… |
| CVE-2017-1558 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remot… |
| CVE-2017-1546 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend… |
| CVE-2017-1421 |
medium |
6.1 |
6.1 |
|
|
ibm |
9y ago |
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred… |
| CVE-2017-1760 |
high |
7.1 |
7.1 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454. |
| CVE-2017-1683 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality … |
| CVE-2017-1632 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia… |
| CVE-2017-1613 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954. |
| CVE-2017-1606 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allo… |
| CVE-2017-1550 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sterling File Gateway 2.2 could allow an authenticated user to change other users' passwords. IBM X-Force ID: 131290. |
| CVE-2017-1549 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia… |
| CVE-2017-1548 |
medium |
5.3 |
5.3 |
|
|
ibm |
9y ago |
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view… |
| CVE-2017-1536 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI th… |
| CVE-2017-1507 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619. |
| CVE-2017-1498 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin… |
| CVE-2017-1497 |
low |
3.7 |
3.7 |
|
|
ibm |
9y ago |
IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695. |
| CVE-2017-1487 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626. |
| CVE-2017-1482 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… |
| CVE-2017-1481 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619. |
| CVE-2017-1465 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit thi… |
| CVE-2017-1433 |
medium |
6.5 |
6.5 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803. |
| CVE-2017-1356 |
high |
8.8 |
8.8 |
|
|
ibm |
9y ago |
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or del… |
| CVE-2017-1355 |
low |
3.7 |
3.7 |
|
|
ibm |
9y ago |
IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, … |
| CVE-2017-1354 |
medium |
5.4 |
5.4 |
|
|
ibm |
9y ago |
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functi… |
| CVE-2017-1353 |
low |
3.5 |
3.5 |
|
|
ibm |
9y ago |
IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 12668… |
| CVE-2017-1342 |
medium |
4.3 |
4.3 |
|
|
ibm |
9y ago |
IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could be used to conduct further attacks. IBM X-Force ID: 126457. |
| CVE-2017-1341 |
low |
3.7 |
3.7 |
|
|
ibm |
9y ago |
IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. |