Filtered by vendor Ibm
Subscribe
Total
7776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4456 | 1 Ibm | 1 Daeja Viewone | 2022-12-06 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 163620. | |||||
| CVE-2019-4439 | 1 Ibm | 1 Cloud Private | 2022-12-03 | 4.6 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949. | |||||
| CVE-2019-4415 | 1 Ibm | 1 Cloud Private | 2022-12-03 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706. | |||||
| CVE-2019-4430 | 1 Ibm | 1 Maximo Asset Management | 2022-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887. | |||||
| CVE-2019-4032 | 1 Ibm | 1 Financial Transaction Manager | 2022-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998. | |||||
| CVE-2019-4028 | 1 Ibm | 1 Sterling B2b Integrator | 2022-12-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155906. | |||||
| CVE-2019-4029 | 1 Ibm | 1 Sterling B2b Integrator | 2022-12-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 155907. | |||||
| CVE-2019-4030 | 1 Ibm | 2 Websphere Application Server, Websphere Virtual Enterprise | 2022-12-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946. | |||||
| CVE-2019-4039 | 1 Ibm | 1 Websphere Mq | 2022-12-03 | 2.1 LOW | 5.5 MEDIUM |
| IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163. | |||||
| CVE-2019-4016 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2022-12-03 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894. | |||||
| CVE-2019-4033 | 1 Ibm | 1 Content Navigator | 2022-12-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999. | |||||
| CVE-2019-4012 | 1 Ibm | 2 Bigfix Webui Profile Management, Bigfix Webui Software Distribution | 2022-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886. | |||||
| CVE-2019-4015 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2022-12-03 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893. | |||||
| CVE-2019-4014 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2022-12-03 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155892. | |||||
| CVE-2019-4011 | 1 Ibm | 1 Bigfix Platform | 2022-12-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155885. | |||||
| CVE-2019-4040 | 1 Ibm | 1 I | 2022-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 156164. | |||||
| CVE-2019-4046 | 1 Ibm | 1 Websphere Application Server | 2022-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242. | |||||
| CVE-2019-4043 | 1 Ibm | 1 Sterling B2b Integrator | 2022-12-03 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 156239. | |||||
| CVE-2019-4027 | 1 Ibm | 1 Sterling B2b Integrator | 2022-12-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 155905. | |||||
| CVE-2019-4038 | 1 Ibm | 1 Security Identity Manager | 2022-12-03 | 4.6 MEDIUM | 6.2 MEDIUM |
| IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162. | |||||