Filtered by vendor Ibm
Subscriptions
Total
7159 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-4304 | 1 Ibm | 1 Websphere Application Server | 2024-09-17 | 6.1 Medium |
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176670. | ||||
CVE-2019-4216 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2024-09-17 | 4.6 Medium |
IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187. | ||||
CVE-2020-4428 | 1 Ibm | 1 Data Risk Manager | 2024-09-17 | 9.1 Critical |
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. | ||||
CVE-2019-4231 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-09-17 | 4.3 Medium |
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356. | ||||
CVE-2009-4333 | 1 Ibm | 1 Db2 | 2024-09-17 | N/A |
The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command. | ||||
CVE-2020-4621 | 1 Ibm | 1 Data Risk Manager | 2024-09-17 | 8.8 High |
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981. | ||||
CVE-2017-1445 | 1 Ibm | 1 Emptoris Spend Analysis | 2024-09-17 | N/A |
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170. | ||||
CVE-2020-4672 | 1 Ibm | 1 Business Automation Workflow | 2024-09-17 | 5.4 Medium |
IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285. | ||||
CVE-2020-4624 | 1 Ibm | 1 Cloud Pak For Security | 2024-09-17 | 5.3 Medium |
IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information. | ||||
CVE-2019-4106 | 1 Ibm | 1 Websphere Extreme Scale | 2024-09-17 | 4.8 Medium |
IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158099. | ||||
CVE-2018-1814 | 1 Ibm | 1 Security Access Manager | 2024-09-17 | N/A |
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018. | ||||
CVE-2020-4207 | 2 Ibm, Linux | 3 Iot Messagesight, Watson Iot Platform - Message Gateway, Linux Kernel | 2024-09-17 | 9.8 Critical |
IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. By sending a specially crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. IBM X-Force ID: 174972. | ||||
CVE-2022-31776 | 1 Ibm | 1 Datapower Gateway | 2024-09-17 | 8.8 High |
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433. | ||||
CVE-2017-1251 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-09-17 | N/A |
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631. | ||||
CVE-2020-4938 | 1 Ibm | 1 Mq Appliance | 2024-09-17 | 8.8 High |
IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815. | ||||
CVE-2018-1380 | 1 Ibm | 1 Infosphere Master Data Management | 2024-09-17 | N/A |
IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change change their ca-id to another users and read sensitive information. IBM X-Force ID: 138077. | ||||
CVE-2020-4224 | 1 Ibm | 1 Storediq | 2024-09-17 | 5.5 Medium |
IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133. | ||||
CVE-2018-1392 | 1 Ibm | 1 Financial Transaction Manager | 2024-09-17 | N/A |
IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138377. | ||||
CVE-2020-4329 | 1 Ibm | 1 Websphere Application Server | 2024-09-17 | 4.3 Medium |
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. | ||||
CVE-2021-38981 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2024-09-17 | 5.3 Medium |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788. |