Filtered by vendor Ibm
Subscribe
Total
6536 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6096 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2017-02-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6094 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2017-02-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data. | |||||
| CVE-2016-6097 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2017-02-09 | 2.1 LOW | 4.0 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. | |||||
| CVE-2016-6092 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2017-02-09 | 2.1 LOW | 6.2 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user. | |||||
| CVE-2016-6044 | 1 Ibm | 1 Tivoli Storage Manager | 2017-02-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy. | |||||
| CVE-2016-6043 | 1 Ibm | 1 Tivoli Storage Manager | 2017-02-09 | 4.4 MEDIUM | 7.0 HIGH |
| Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. | |||||
| CVE-2016-5949 | 1 Ibm | 1 Kenexa Lcms Premier | 2017-02-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. | |||||
| CVE-2016-5948 | 1 Ibm | 1 Kenexa Lcms Premier | 2017-02-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-8934 | 1 Ibm | 1 Websphere Application Server | 2017-02-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-3045 | 1 Ibm | 3 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web | 2017-02-09 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. | |||||
| CVE-2016-6045 | 1 Ibm | 1 Tivoli Storage Manager | 2017-02-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2016-5950 | 1 Ibm | 1 Kenexa Lcms Premier | 2017-02-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. | |||||
| CVE-2016-8918 | 1 Ibm | 1 Integration Bus | 2017-02-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. | |||||
| CVE-2016-6046 | 1 Ibm | 1 Tivoli Storage Manager | 2017-02-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6072 | 1 Ibm | 12 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 9 more | 2017-02-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-5980 | 1 Ibm | 1 Tririga Application Platform | 2017-02-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6020 | 1 Ibm | 1 Sterling B2b Integrator | 2017-02-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
| CVE-2016-8967 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2017-02-09 | 2.1 LOW | 5.5 MEDIUM |
| IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. | |||||
| CVE-2016-6000 | 1 Ibm | 1 Tririga Application Platform | 2017-02-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-5937 | 1 Ibm | 1 Kenexa Lcms Premier | 2017-02-08 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||