Filtered by vendor Ibm
Subscribe
Total
7776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1157 | 1 Ibm | 1 Jazz Reporting Service | 2017-07-18 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788. | |||||
| CVE-2017-1254 | 1 Ibm | 1 Security Guardium | 2017-07-17 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634. | |||||
| CVE-2017-1264 | 1 Ibm | 1 Security Guardium | 2017-07-17 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739. | |||||
| CVE-2017-1253 | 1 Ibm | 1 Security Guardium | 2017-07-17 | 6.5 MEDIUM | 9.9 CRITICAL |
| IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633. | |||||
| CVE-2017-1236 | 1 Ibm | 1 Websphere Mq | 2017-07-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354 | |||||
| CVE-2017-1285 | 1 Ibm | 1 Websphere Mq | 2017-07-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146. | |||||
| CVE-2017-1096 | 1 Ibm | 1 Jazz Reporting Service | 2017-07-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120656. | |||||
| CVE-2017-1258 | 1 Ibm | 1 Security Guardium | 2017-07-14 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685 | |||||
| CVE-2017-1284 | 1 Ibm | 1 Websphere Mq | 2017-07-13 | 1.9 LOW | 4.7 MEDIUM |
| IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145. | |||||
| CVE-2017-1269 | 1 Ibm | 1 Security Guardium | 2017-07-13 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744 | |||||
| CVE-2016-9989 | 1 Ibm | 1 Jazz Reporting Service | 2017-07-12 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120555. | |||||
| CVE-2016-9988 | 1 Ibm | 1 Jazz Reporting Service | 2017-07-12 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120554. | |||||
| CVE-2016-9987 | 1 Ibm | 1 Jazz Reporting Service | 2017-07-12 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553. | |||||
| CVE-2016-9986 | 1 Ibm | 1 Jazz Reporting Service | 2017-07-12 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552. | |||||
| CVE-2004-1442 | 1 Ibm | 1 Net.data | 2017-07-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E." | |||||
| CVE-2017-1120 | 1 Ibm | 1 Websphere Portal | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152. | |||||
| CVE-2016-6102 | 1 Ibm | 1 Security Key Lifecycle Manager | 2017-07-12 | 4.3 MEDIUM | 3.7 LOW |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359. | |||||
| CVE-2016-3052 | 1 Ibm | 1 Websphere Mq | 2017-07-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques. | |||||
| CVE-2016-9990 | 1 Ibm | 1 Inotes | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824. | |||||
| CVE-2016-0238 | 1 Ibm | 1 Security Guardium | 2017-07-11 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409 | |||||