Filtered by vendor Ibm
Subscriptions
Total
8337 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4120 | 1 Ibm | 1 Tivoli Access Manager For E-business | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/. | ||||
| CVE-2010-4595 | 1 Ibm | 1 Lotus Mobile Connect | 2025-04-11 | N/A |
| The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header. | ||||
| CVE-2010-4787 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | N/A |
| IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon hang) via a paged search that triggers improper mutex processing. | ||||
| CVE-2010-4789 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | N/A |
| Use-after-free vulnerability in the proxy-server implementation in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.65 (aka 6.0.0.8-TIV-ITDS-IF0007) and 6.3 before 6.3.0.1 (aka 6.3.0.0-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (daemon crash) via a paged search that is interrupted by an LDAP Unbind operation. | ||||
| CVE-2010-0770 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake. | ||||
| CVE-2012-4823 | 3 Ibm, Redhat, Tivoli Storage Productivity Center | 18 Java, Lotus Domino, Lotus Notes and 15 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoder defineClass() method." | ||||
| CVE-2012-4837 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | N/A |
| IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors. | ||||
| CVE-2012-4845 | 1 Ibm | 2 Aix, Vios | 2025-04-11 | N/A |
| The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file. | ||||
| CVE-2012-4850 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors. | ||||
| CVE-2011-1034 | 1 Ibm | 1 Rational Build Forge | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the UI in IBM Rational Build Forge 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter to the fullcontrol program. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-1205 | 1 Ibm | 3 Rational Clearcase, Rational Clearquest, Rational Common Licensing | 2025-04-11 | N/A |
| Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone. | ||||
| CVE-2011-1520 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | N/A |
| The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command. | ||||
| CVE-2012-5756 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance | 2025-04-11 | N/A |
| The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation. | ||||
| CVE-2012-5939 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2012-5953 | 1 Ibm | 1 Websphere Message Broker | 2025-04-11 | N/A |
| IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when the Parse Query Strings option is enabled on an HTTPInput node, allows remote attackers to cause a denial of service (infinite loop) via a crafted query string. | ||||
| CVE-2012-0202 | 1 Ibm | 1 Cognos Tm1 | 2025-04-11 | N/A |
| Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data. | ||||
| CVE-2012-6352 | 1 Ibm | 1 Sterling Connect | 2025-04-11 | N/A |
| The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data. | ||||
| CVE-2013-0127 | 1 Ibm | 1 Lotus Notes | 2025-04-11 | N/A |
| IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and JMOY95BN49. | ||||
| CVE-2013-2970 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-11 | N/A |
| Unspecified vulnerability in IBM QRadar Security Information and Event Manager (SIEM) 7.x before 7.1 MR2 Patch 1 allows remote authenticated users to execute operating-system commands via unknown vectors. | ||||
| CVE-2013-0464 | 1 Ibm | 2 Eclipse Help System, Spss Data Collection | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||