| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289. |
| IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916. |
| IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788. |
| IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118356. |
| IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859. |
| IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719. |
| IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105. |
| The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083. |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462. |
| IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354 |
| IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM Reference #: 1999545. |
| IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855. |
| IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291. |
| IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks against the system. IBM X-Force ID: 123905. |
| IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. |
| IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash. |
| IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user. |
| IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. |
| IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394. |
| IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. IBM X-Force ID: 128693. |
