Filtered by vendor Ibm
Subscribe
Total
6536 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1080 | 1 Ibm | 1 Aix | 2017-10-09 | 10.0 HIGH | N/A |
| diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program. | |||||
| CVE-1999-1486 | 1 Ibm | 1 Aix | 2017-10-09 | 1.2 LOW | N/A |
| sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2000-0652 | 1 Ibm | 1 Websphere Application Server | 2017-10-09 | 5.0 MEDIUM | N/A |
| IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string. | |||||
| CVE-2000-0677 | 1 Ibm | 1 Net.data | 2017-10-09 | 10.0 HIGH | N/A |
| Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable. | |||||
| CVE-1999-0718 | 1 Ibm | 1 Gina | 2017-10-09 | 6.2 MEDIUM | N/A |
| IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key. | |||||
| CVE-2000-0873 | 1 Ibm | 1 Aix | 2017-10-09 | 2.1 LOW | N/A |
| netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities. | |||||
| CVE-2000-0848 | 1 Ibm | 1 Websphere Application Server | 2017-10-09 | 10.0 HIGH | N/A |
| Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header. | |||||
| CVE-2000-1038 | 1 Ibm | 1 As400 Firewall | 2017-10-09 | 5.0 MEDIUM | N/A |
| The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request. | |||||
| CVE-2000-1119 | 1 Ibm | 1 Aix | 2017-10-09 | 4.6 MEDIUM | N/A |
| Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument. | |||||
| CVE-2000-1120 | 1 Ibm | 1 Aix | 2017-10-09 | 7.2 HIGH | N/A |
| Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands. | |||||
| CVE-2000-1121 | 1 Ibm | 1 Aix | 2017-10-09 | 7.2 HIGH | N/A |
| Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument. | |||||
| CVE-2000-1123 | 1 Ibm | 1 Aix | 2017-10-09 | 7.2 HIGH | N/A |
| Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands. | |||||
| CVE-2000-1124 | 1 Ibm | 1 Aix | 2017-10-09 | 7.2 HIGH | N/A |
| Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables. | |||||
| CVE-2017-1591 | 1 Ibm | 1 Datapower Gateway | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368. | |||||
| CVE-2017-1577 | 1 Ibm | 1 Websphere Portal | 2017-10-06 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117. | |||||
| CVE-2017-1483 | 1 Ibm | 3 Security Identity Governance And Intelligence, Security Identity Manager, Security Privileged Identity Manager | 2017-10-06 | 7.5 HIGH | 8.6 HIGH |
| IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621. | |||||
| CVE-2017-1551 | 1 Ibm | 1 Api Connect | 2017-10-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291. | |||||
| CVE-2017-1555 | 1 Ibm | 1 Api Connect | 2017-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545. | |||||
| CVE-2017-1425 | 1 Ibm | 1 Business Process Manager | 2017-10-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478. | |||||
| CVE-2017-1527 | 1 Ibm | 1 Business Process Manager | 2017-09-29 | 7.5 HIGH | 8.1 HIGH |
| IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156. | |||||