Filtered by vendor Ibm
Subscribe
Total
7776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2985 | 1 Ibm | 2 General Parallel File System, Spectrum Scale | 2016-11-28 | 6.9 MEDIUM | 7.0 HIGH |
| IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program. | |||||
| CVE-2016-2945 | 1 Ibm | 1 Websphere Application Server | 2016-11-28 | 6.0 MEDIUM | 7.5 HIGH |
| The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document. | |||||
| CVE-2016-0370 | 1 Ibm | 1 Forms Experience Builder | 2016-11-28 | 3.5 LOW | 2.7 LOW |
| Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product. | |||||
| CVE-2016-0372 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2016-11-28 | 4.3 MEDIUM | 3.7 LOW |
| IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2016-0314 | 1 Ibm | 1 Jazz Reporting Service | 2016-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2016-0365 | 1 Ibm | 1 Urbancode Deploy | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors. | |||||
| CVE-2016-0378 | 1 Ibm | 1 Websphere Application Server | 2016-11-28 | 4.3 MEDIUM | 3.7 LOW |
| IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception. | |||||
| CVE-2016-0393 | 1 Ibm | 1 Maximo Asset Management | 2016-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files. | |||||
| CVE-2016-0389 | 1 Ibm | 1 Websphere Application Server | 2016-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-0379 | 1 Ibm | 1 Websphere Mq | 2016-11-28 | 3.5 LOW | 3.1 LOW |
| IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights. | |||||
| CVE-2016-0321 | 1 Ibm | 1 Personal Communications | 2016-11-28 | 2.1 LOW | 6.2 MEDIUM |
| IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script. | |||||
| CVE-2016-0328 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2016-11-28 | 7.2 HIGH | 7.8 HIGH |
| IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors. | |||||
| CVE-2016-0397 | 1 Ibm | 1 Bigfix Webreports | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | |||||
| CVE-2016-0353 | 1 Ibm | 1 Security Privileged Identity Manager | 2016-11-28 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2016-0326 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2016-11-28 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request." | |||||
| CVE-2016-0325 | 1 Ibm | 1 Rational Team Concert | 2016-11-28 | 7.5 HIGH | 6.3 MEDIUM |
| IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2016-0387 | 1 Ibm | 1 Tririga Application Platform | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883. | |||||
| CVE-2016-0239 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2016-11-28 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors. | |||||
| CVE-2016-0240 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2016-11-28 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | |||||
| CVE-2016-0306 | 1 Ibm | 1 Websphere Application Server | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||