Filtered by vendor Ibm Subscriptions
Total 8337 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-1312 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role.
CVE-2008-7287 1 Ibm 1 Tivoli Directory Server 2025-04-11 N/A
Multiple memory leaks in the (1) ldap_init and (2) ldap_url_search_direct API functions in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allow remote authenticated users to cause a denial of service (memory consumption) by making many function calls.
CVE-2012-4821 3 Ibm, Redhat, Tivoli Storage Productivity Center 17 Java, Lotus Domino, Lotus Notes and 14 more 2025-04-11 N/A
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods.
CVE-2010-0783 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1029 1 Ibm 1 Rational Team Concert 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report.
CVE-2010-0780 1 Ibm 1 Websphere Mq 2025-04-11 N/A
IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager.
CVE-2009-2752 1 Ibm 1 Websphere Commerce 2025-04-11 N/A
IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
CVE-2013-6725 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.
CVE-2010-0772 1 Ibm 1 Websphere Mq 2025-04-11 N/A
Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via "incorrect channel control data."
CVE-2009-2748 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2328 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression.
CVE-2010-0704 1 Ibm 1 Websphere Portal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field.
CVE-2010-2325 1 Ibm 2 Websphere Application Server, Zos 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."
CVE-2010-2279 1 Ibm 1 Lotus Connections 2025-04-11 N/A
The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors.
CVE-2011-0311 2 Ibm, Redhat 4 Java, Runtimes For Java Technology, Rhel Extras and 1 more 2025-04-11 N/A
The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.
CVE-2011-4435 1 Ibm 1 Db2 Tools For Z\/os 2025-04-11 N/A
The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests.
CVE-2010-0154 1 Ibm 2 Proventia Network Mail Security System Virtual Appliance, Proventia Network Mail Security System Virtual Appliance Firmware 2025-04-11 N/A
Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an "Insecure Direct Object Reference vulnerability."
CVE-2009-5084 1 Ibm 1 Tivoli Federated Identity Manager 2025-04-11 N/A
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive information by reading the log data.
CVE-2013-5385 1 Ibm 2 I, Z\/os 2025-04-11 N/A
The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2009-5060 1 Ibm 2 Lotus Domino, Lotus Quickr 2025-04-11 N/A
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX.