Filtered by vendor Ibm
Subscriptions
Total
7159 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-39734 | 1 Ibm | 1 Datacap | 2024-09-18 | 4.3 Medium |
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001. | ||||
CVE-2022-33165 | 1 Ibm | 1 Security Directory Integrator | 2024-09-17 | 6.8 Medium |
IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582. | ||||
CVE-2022-32755 | 1 Ibm | 3 Security Directory Server, Security Directory Suite, Security Verify Directory | 2024-09-17 | 5.5 Medium |
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505. | ||||
CVE-1999-0041 | 5 Cray, Gnu, Ibm and 2 more | 6 Unicos, Unicos Max, Libc and 3 more | 2024-09-17 | N/A |
Buffer overflow in NLS (Natural Language Service). | ||||
CVE-2017-1238 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-09-17 | N/A |
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124356. | ||||
CVE-2021-38969 | 1 Ibm | 1 Spectrum Virtualize | 2024-09-17 | 9.8 Critical |
IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609. | ||||
CVE-2020-4475 | 1 Ibm | 1 Sterling B2b Integrator | 2024-09-17 | 6.5 Medium |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
CVE-2017-1350 | 1 Ibm | 1 Infosphere Information Server | 2024-09-17 | N/A |
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526. | ||||
CVE-2019-4098 | 1 Ibm | 1 Cloud Pak System | 2024-09-17 | 5.4 Medium |
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158020. | ||||
CVE-2020-4516 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-09-17 | 5.4 Medium |
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182371. | ||||
CVE-2017-1711 | 1 Ibm | 2 Client Application Access, Notes | 2024-09-17 | N/A |
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532. | ||||
CVE-2019-4645 | 1 Ibm | 1 Cognos Analytics | 2024-09-17 | 6.1 Medium |
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881. | ||||
CVE-2020-4555 | 1 Ibm | 1 Financial Transaction Manager | 2024-09-17 | 5.4 Medium |
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328. | ||||
CVE-2019-3800 | 27 Anynines, Apigee, Appdynamics and 24 more | 55 Elasticsearch, Logme, Mongodb and 52 more | 2024-09-17 | N/A |
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. | ||||
CVE-2017-1181 | 1 Ibm | 1 Tivoli Monitoring | 2024-09-17 | N/A |
IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487. | ||||
CVE-2020-4803 | 1 Ibm | 1 Edge Application Manager | 2024-09-17 | 3.3 Low |
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535. | ||||
CVE-2020-4718 | 1 Ibm | 1 Jazz Reporting Service | 2024-09-17 | 5.4 Medium |
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731. | ||||
CVE-2017-1683 | 1 Ibm | 1 Connections Engagement Center | 2024-09-17 | N/A |
IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005. | ||||
CVE-2020-4499 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-09-17 | 9.8 Critical |
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. | ||||
CVE-2020-4174 | 1 Ibm | 1 Security Guardium Insights | 2024-09-17 | 7.5 High |
IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683. |