Filtered by vendor Ibm
Subscribe
Total
7009 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0265 | 1 Ibm | 1 Campaign | 2017-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
| CVE-2016-10086 | 5 Ca, Ibm, Linux and 2 more | 6 Service Desk Management, Service Desk Manager, Aix and 3 more | 2017-01-20 | 5.5 MEDIUM | 8.1 HIGH |
| RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. | |||||
| CVE-2014-4747 | 1 Ibm | 1 Sametime | 2017-01-07 | 2.1 LOW | N/A |
| The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser. | |||||
| CVE-2014-3088 | 1 Ibm | 1 Sametime Meeting Server | 2017-01-07 | 5.5 MEDIUM | N/A |
| stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to bypass intended upload restrictions by modifying the Content-Type header and file extension, as demonstrated by replacing a text/plain .txt upload with an application/octet-stream .exe upload. | |||||
| CVE-2014-0875 | 1 Ibm | 2 Storwize Unified V7000, Storwize Unified V7000 Software | 2017-01-07 | 3.5 LOW | N/A |
| Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions. | |||||
| CVE-2015-1920 | 1 Ibm | 1 Websphere Application Server | 2017-01-03 | 10.0 HIGH | N/A |
| IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session. | |||||
| CVE-2015-1889 | 1 Ibm | 1 Infosphere Biginsights | 2017-01-03 | 6.5 MEDIUM | N/A |
| The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with the HCAT_SYNC_OBJECTS procedure. | |||||
| CVE-2015-0189 | 1 Ibm | 1 Websphere Mq | 2017-01-03 | 4.0 MEDIUM | N/A |
| The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records. | |||||
| CVE-2015-0138 | 1 Ibm | 1 Tivoli Directory Server | 2017-01-03 | 4.3 MEDIUM | N/A |
| GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. | |||||
| CVE-2014-8924 | 1 Ibm | 2 License Metric Tool, Tivoli Asset Discovery For Distributed | 2017-01-03 | 6.4 MEDIUM | N/A |
| The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-4776 | 1 Ibm | 1 License Metric Tool | 2017-01-03 | 2.1 LOW | N/A |
| IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2015-0199 | 1 Ibm | 1 General Parallel File System | 2016-12-31 | 4.9 MEDIUM | N/A |
| The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to cause a denial of service (memory corruption) via unspecified character-device ioctl calls. | |||||
| CVE-2015-0198 | 1 Ibm | 1 General Parallel File System | 2016-12-31 | 10.0 HIGH | N/A |
| IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors. | |||||
| CVE-2015-0197 | 1 Ibm | 1 General Parallel File System | 2016-12-31 | 7.2 HIGH | N/A |
| IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to obtain root privileges for program execution via unspecified vectors. | |||||
| CVE-2016-2935 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request. | |||||
| CVE-2016-2934 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-2931 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||||
| CVE-2016-2932 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors. | |||||
| CVE-2016-2933 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-30 | 6.8 MEDIUM | 6.8 MEDIUM |
| Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request. | |||||
| CVE-2015-2019 | 1 Ibm | 1 Tivoli Directory Server | 2016-12-30 | 2.1 LOW | N/A |
| IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. | |||||