Filtered by vendor Ibm
Subscribe
Total
6536 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0393 | 1 Ibm | 1 Maximo Asset Management | 2016-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files. | |||||
| CVE-2016-0397 | 1 Ibm | 1 Bigfix Webreports | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | |||||
| CVE-2016-0236 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2016-11-28 | 9.0 HIGH | 8.8 HIGH |
| IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field. | |||||
| CVE-2016-0269 | 1 Ibm | 1 Bigfix Platform | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-0240 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2016-11-28 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | |||||
| CVE-2016-0239 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2016-11-28 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors. | |||||
| CVE-2016-0241 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2016-11-28 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP. | |||||
| CVE-2016-0246 | 1 Ibm | 1 Security Guardium | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-0247 | 1 Ibm | 1 Security Guardium | 2016-11-28 | 2.1 LOW | 7.8 HIGH |
| IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information. | |||||
| CVE-2016-0248 | 1 Ibm | 1 Security Guardium | 2016-11-28 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors. | |||||
| CVE-2016-0249 | 1 Ibm | 1 Security Guardium | 2016-11-28 | 7.5 HIGH | 8.6 HIGH |
| SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-0293 | 1 Ibm | 1 Bigfix Platform | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file. | |||||
| CVE-2016-0306 | 1 Ibm | 1 Websphere Application Server | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-8522 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8521. | |||||
| CVE-2015-8523 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port. | |||||
| CVE-2015-8519 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8520, CVE-2015-8521, and CVE-2015-8522. | |||||
| CVE-2015-8520 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8521, and CVE-2015-8522. | |||||
| CVE-2015-8521 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522. | |||||
| CVE-2015-7407 | 1 Ibm | 1 Mashups Center | 2016-11-28 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-7410 | 1 Ibm | 1 Sterling B2b Integrator | 2016-11-28 | 5.8 MEDIUM | 7.4 HIGH |
| The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. | |||||