Export limit exceeded: 357515 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8272 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1444 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | N/A |
| IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110. | ||||
| CVE-2016-0228 | 1 Ibm | 1 Marketing Platform | 2025-04-20 | N/A |
| IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236. | ||||
| CVE-2016-0265 | 1 Ibm | 1 Campaign | 2025-04-20 | N/A |
| IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
| CVE-2016-0214 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | N/A |
| IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file. | ||||
| CVE-2016-0217 | 1 Ibm | 1 Cognos Analytics | 2025-04-20 | N/A |
| IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
| CVE-2016-0210 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | N/A |
| IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response. | ||||
| CVE-2016-0218 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-20 | N/A |
| IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
| CVE-2016-0206 | 1 Ibm | 1 Cloud Orchestrator | 2025-04-20 | N/A |
| IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. | ||||
| CVE-2016-0203 | 1 Ibm | 2 Cloud Orchestrator, Smartcloud Orchestrator | 2025-04-20 | N/A |
| A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to. | ||||
| CVE-2016-0202 | 1 Ibm | 1 Cloud Orchestrator | 2025-04-20 | N/A |
| A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain. | ||||
| CVE-2015-7493 | 1 Ibm | 1 Infosphere Information Server | 2025-04-20 | N/A |
| IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. | ||||
| CVE-2015-7494 | 1 Ibm | 2 Cloud Orchestrator, Smartcloud Orchestrator | 2025-04-20 | N/A |
| A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain. | ||||
| CVE-2016-8923 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | N/A |
| IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536. | ||||
| CVE-2023-45165 | 1 Ibm | 1 Aix | 2025-04-17 | 6.2 Medium |
| IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 267963. | ||||
| CVE-2020-4497 | 1 Ibm | 1 Spectrum Protect Plus | 2025-04-17 | 6.8 Medium |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106. | ||||
| CVE-2022-38708 | 1 Ibm | 1 Cognos Analytics | 2025-04-17 | 6.5 Medium |
| IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180. | ||||
| CVE-2022-43887 | 1 Ibm | 1 Cognos Analytics | 2025-04-17 | 5.3 Medium |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450. | ||||
| CVE-2022-39160 | 1 Ibm | 1 Cognos Analytics | 2025-04-17 | 6.1 Medium |
| IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064. | ||||
| CVE-2022-40607 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2025-04-17 | 6.8 Medium |
| IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740. | ||||
| CVE-2022-43883 | 1 Ibm | 1 Cognos Analytics | 2025-04-16 | 6.5 Medium |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266. | ||||