Filtered by vendor Ibm
Subscriptions
Total
7953 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3039 | 1 Ibm | 1 Traveler | 2025-04-12 | N/A |
| IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2016-5947 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2025-04-12 | N/A |
| IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | ||||
| CVE-2015-1896 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-12 | N/A |
| Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2015-2008 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive. | ||||
| CVE-2014-3104 | 1 Ibm | 1 Rational Clearcase | 2025-04-12 | N/A |
| IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | ||||
| CVE-2016-0201 | 1 Ibm | 1 Security Network Protection Firmware | 2025-04-12 | N/A |
| GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision. | ||||
| CVE-2015-7398 | 1 Ibm | 1 Emptoris Contract Management | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2016-0209 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-2016 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unknown vectors. | ||||
| CVE-2014-8887 | 1 Ibm | 1 Marketing Operations | 2025-04-12 | N/A |
| IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to upload arbitrary GIFAR files, and consequently modify data, via unspecified vectors. | ||||
| CVE-2014-3086 | 2 Ibm, Redhat | 5 Lotus Domino, Lotus Notes, Websphere Real Time and 2 more | 2025-04-12 | N/A |
| Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager. | ||||
| CVE-2015-7403 | 1 Ibm | 2 General Parallel File System, Spectrum Scale | 2025-04-12 | N/A |
| IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors. | ||||
| CVE-2015-2019 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-12 | N/A |
| IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. | ||||
| CVE-2015-8531 | 1 Ibm | 2 Security Access Manager 9.0 Firmware, Security Access Manager For Web 8.0 Firmware | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2015-8530 | 1 Ibm | 1 Spss Statistics | 2025-04-12 | N/A |
| Stack-based buffer overflow in the Initialize function in an ActiveX control in IBM SPSS Statistics 19 and 20 before 20.0.0.2-IF0008, 21 before 21.0.0.2-IF0010, 22 before 22.0.0.2-IF0011, 23 before 23.0.0.3-IF0001, and 24 before 24.0.0.0-IF0003 allows remote authenticated users to execute arbitrary code via a long argument. | ||||
| CVE-2016-0208 | 1 Ibm | 1 Websphere Commerce | 2025-04-12 | N/A |
| IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors. | ||||
| CVE-2015-7412 | 1 Ibm | 1 Datapower Gateway | 2025-04-12 | N/A |
| The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attack. | ||||
| CVE-2015-8524 | 1 Ibm | 1 Business Process Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2015-8523 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-12 | N/A |
| The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port. | ||||
| CVE-2014-3081 | 1 Ibm | 2 Global Console Manager 16 Firmware, Global Console Manager 32 Firmware | 2025-04-12 | N/A |
| prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter. | ||||