VYPR

Vendor CVEs

IBM

All CVEs

8,279 total · sorted by risk
  • CVE-2015-1983Oct 4, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Projects page in IBM UrbanCode Build 6.1.x before 6.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2015-1969Oct 4, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other products, allows remote authenticated users to inject arbitrary web script or…

  • CVE-2015-1934Oct 4, 2015
    risk 0.00cvss epss 0.01

    IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13…

  • CVE-2015-1933Oct 4, 2015
    risk 0.00cvss epss 0.00

    IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13…

  • CVE-2015-4955Oct 3, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2015-1888Oct 3, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand, and other products, allows remote authenticated…

  • CVE-2015-0195Oct 3, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2015-0145Oct 3, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

  • CVE-2015-0144Oct 3, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than…

  • CVE-2015-0143Oct 3, 2015
    risk 0.00cvss epss 0.01

    IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages.

  • CVE-2015-0142Oct 3, 2015
    risk 0.00cvss epss 0.01

    IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function.

  • CVE-2015-0141Oct 3, 2015
    risk 0.00cvss epss 0.01

    IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request.

  • CVE-2014-8916Oct 3, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than…

  • CVE-2015-4980Sep 14, 2015
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors.

  • CVE-2015-1943Sep 14, 2015
    risk 0.00cvss epss 0.03

    IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.

  • CVE-2015-2013Sep 14, 2015
    risk 0.00cvss epss 0.02

    IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call.

  • CVE-2015-2018Aug 23, 2015
    risk 0.00cvss epss 0.01

    IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2015-4950Aug 23, 2015
    risk 0.00cvss epss 0.02

    The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server…

  • CVE-2015-1992Aug 23, 2015
    risk 0.00cvss epss 0.00

    IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 improperly processes events, which allows local users to gain privileges via unspecified vectors.

  • CVE-2015-6557Aug 23, 2015
    risk 0.00cvss epss 0.00

    IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before…

  • CVE-2015-4949Aug 23, 2015
    risk 0.00cvss epss 0.00

    IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords…

  • CVE-2015-2015Aug 23, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN.

  • CVE-2015-2014Aug 23, 2015
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA.

  • CVE-2015-4938Aug 22, 2015
    risk 0.00cvss epss 0.02

    IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors.

  • CVE-2015-1932Aug 22, 2015
    risk 0.00cvss epss 0.02

    IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header.

  • CVE-2015-4936Aug 3, 2015
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via unknown vectors.

  • CVE-2015-1987Aug 3, 2015
    risk 0.00cvss epss 0.02

    IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1958.

  • CVE-2015-1970Aug 3, 2015
    risk 0.00cvss epss 0.00

    The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by extracting a card and attaching it elsewhere.

  • CVE-2015-1958Aug 3, 2015
    risk 0.00cvss epss 0.02

    IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1987.

  • CVE-2015-1956Aug 3, 2015
    risk 0.00cvss epss 0.02

    IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1958 and CVE-2015-1987.

  • CVE-2015-1955Aug 3, 2015
    risk 0.00cvss epss 0.02

    IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a crafted byte sequence in authentication data.

  • CVE-2015-1904Aug 1, 2015
    risk 0.00cvss epss 0.01

    IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote…

  • CVE-2015-4945Jul 26, 2015
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 through 7.5.1.2 for Android allows attackers to bypass a passcode protection mechanism and obtain sensitive information via a crafted application.

  • CVE-2015-1906Jul 21, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script…

  • CVE-2015-1905Jul 21, 2015
    risk 0.00cvss epss 0.01

    The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via…

  • CVE-2015-1984Jul 20, 2015
    risk 0.00cvss epss 0.01

    IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use…

  • CVE-2015-1982Jul 20, 2015
    risk 0.00cvss epss 0.01

    IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message.

  • CVE-2015-1980Jul 20, 2015
    risk 0.00cvss epss 0.01

    IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.

  • CVE-2015-1979Jul 20, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Error dialog in IBM Case Manager 5.2.1 before 5.2.1.2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to the (1) addressability or (2) comments component.

  • CVE-2015-1968Jul 20, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2015-1935Jul 20, 2015
    risk 0.00cvss epss 0.04

    The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.

  • CVE-2015-1922Jul 20, 2015
    risk 0.00cvss epss 0.02

    The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors.

  • CVE-2015-1883Jul 20, 2015
    risk 0.00cvss epss 0.02

    IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure.

  • CVE-2015-0157Jul 20, 2015
    risk 0.00cvss epss 0.03

    IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement.

  • CVE-2015-0130Jul 20, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team…

  • CVE-2014-8910Jul 20, 2015
    risk 0.00cvss epss 0.02

    IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement.

  • CVE-2015-1946Jul 14, 2015
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors.

  • CVE-2015-1936Jul 14, 2015
    risk 0.00cvss epss 0.02

    The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter.

  • CVE-2015-1927Jul 14, 2015
    risk 0.00cvss epss 0.02

    The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to…

  • CVE-2015-1944Jul 14, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Page 121 of 166