Search Results (8337 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4045 1 Ibm 1 Spss Collaboration And Deployment Services 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4601 1 Ibm 1 Rational Clearquest 2025-04-11 N/A
Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files.
CVE-2013-5430 1 Ibm 1 Security Appscan 2025-04-11 N/A
The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access to this component by leveraging this credential information in an environment with applicable component installation details.
CVE-2010-4547 1 Ibm 1 Lotus Notes Traveler 2025-04-11 N/A
IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain.
CVE-2013-5370 1 Ibm 1 Spss Collaboration And Deployment Services 2025-04-11 N/A
Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-4042.
CVE-2013-5456 2 Ibm, Redhat 2 Java, Rhel Extras 2025-04-11 N/A
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.
CVE-2013-6717 1 Ibm 3 Db2, Db2 Connect, Db2 Purescale Feature 9.8 2025-04-11 N/A
The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors.
CVE-2013-5429 1 Ibm 1 Tivoli Federated Identity Manager 2025-04-11 N/A
The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.
CVE-2011-5065 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging.
CVE-2011-5066 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file.
CVE-2013-5420 1 Ibm 1 Security Access Manager For Enterprise Single Sign-on 2025-04-11 N/A
The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request.
CVE-2013-5416 1 Ibm 1 Rational Clearcase 2025-04-11 N/A
Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors.
CVE-2013-5413 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-04-11 N/A
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation.
CVE-2011-1208 1 Ibm 1 Soliddb 2025-04-11 N/A
IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpc_test_svc_readwrite and (2) rpc_test_svc_done commands, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted command.
CVE-2011-1045 1 Ibm 2 Filenet P8 Content Manager, Filenet P8 Rendition Engine 2025-04-11 N/A
Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors.
CVE-2011-1034 1 Ibm 1 Rational Build Forge 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the UI in IBM Rational Build Forge 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter to the fullcontrol program. NOTE: some of these details are obtained from third party information.
CVE-2011-1032 1 Ibm 2 Lotus Connections, Websphere Application Server 2025-04-11 N/A
IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors.
CVE-2011-0919 1 Ibm 1 Lotus Domino 2025-04-11 N/A
Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender address, aka SPR KLYH87LLVJ.
CVE-2011-0918 1 Ibm 1 Lotus Domino 2025-04-11 N/A
Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE.
CVE-2011-0913 1 Ibm 1 Lotus Domino 2025-04-11 N/A
Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache.