VYPR

Vendor CVEs

IBM

All CVEs

8,292 total · sorted by risk
  • CVE-2013-0523Jun 21, 2013
    risk 0.00cvss epss 0.01

    IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that…

  • CVE-2013-2961Jun 21, 2013
    risk 0.00cvss epss 0.02

    The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1…

  • CVE-2013-2960Jun 21, 2013
    risk 0.00cvss epss 0.03

    Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1…

  • CVE-2013-0551Jun 21, 2013
    risk 0.00cvss epss 0.02

    The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before…

  • CVE-2013-0548Jun 21, 2013
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations…

  • CVE-2013-0536Jun 21, 2013
    risk 0.00cvss epss 0.00

    ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user,…

  • CVE-2013-3035Jun 21, 2013
    risk 0.00cvss epss 0.04

    The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface.

  • CVE-2013-0534Jun 21, 2013
    risk 0.00cvss epss 0.00

    The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within process memory.

  • CVE-2013-0529Jun 21, 2013
    risk 0.00cvss epss 0.01

    The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http…

  • CVE-2013-0527Jun 21, 2013
    risk 0.00cvss epss 0.00

    The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended…

  • CVE-2013-2969Jun 19, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.

  • CVE-2013-2968Jun 19, 2013
    risk 0.00cvss epss 0.01

    An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.

  • CVE-2013-0484Jun 19, 2013
    risk 0.00cvss epss 0.01

    The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data.

  • CVE-2013-2981Jun 17, 2013
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2013-2980Jun 17, 2013
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to hijack the authentication of arbitrary users for requests that access monitored database information.

  • CVE-2013-3026Jun 17, 2013
    risk 0.00cvss epss 0.03

    Buffer overflow in the Lotus Quickr for Domino ActiveX control in qp2.cab in IBM Lotus Quickr 8.1 before FP 8.1.0.32-001a, 8.2 before FP 8.2.0.28-001a, and 8.5.1 before FP 8.5.1.39-002a for Domino allows remote attackers to execute arbitrary code via a crafted web site.

  • CVE-2013-3475Jun 5, 2013
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors.

  • CVE-2013-0508Jun 5, 2013
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 and 4.0.1 before FP1 allow context-dependent attackers to execute arbitrary code or cause a denial of service via a long line in (1)…

  • CVE-2013-2970Jun 3, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in IBM QRadar Security Information and Event Manager (SIEM) 7.x before 7.1 MR2 Patch 1 allows remote authenticated users to execute operating-system commands via unknown vectors.

  • CVE-2013-0464Jun 3, 2013
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2013-2950Jun 3, 2013
    risk 0.00cvss epss 0.01

    CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject…

  • CVE-2013-0549Jun 3, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web…

  • CVE-2013-0482May 29, 2013
    risk 0.00cvss epss 0.02

    IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a…

  • CVE-2013-2989May 28, 2013
    risk 0.00cvss epss 0.00

    The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the…

  • CVE-2013-0599May 28, 2013
    risk 0.00cvss epss 0.02

    IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information…

  • CVE-2013-0499May 28, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall,…

  • CVE-2013-0576May 28, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Tivoli Enterprise Portal browser client in IBM Tivoli Monitoring 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP02 allows remote attackers to inject arbitrary web script or HTML via unspecified…

  • CVE-2013-2959May 27, 2013
    risk 0.00cvss epss 0.01

    The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2013-2957May 27, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2013-2956May 27, 2013
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2013-2955May 27, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, related to a stored XSS issue.

  • CVE-2013-2954May 27, 2013
    risk 0.00cvss epss 0.01

    The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

  • CVE-2013-2953May 27, 2013
    risk 0.00cvss epss 0.00

    IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

  • CVE-2013-2977May 10, 2013
    risk 0.00cvss epss 0.05

    Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message,…

  • CVE-2013-0578May 10, 2013
    risk 0.00cvss epss 0.01

    The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require…

  • CVE-2013-0520May 10, 2013
    risk 0.00cvss epss 0.01

    IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data.

  • CVE-2013-0519May 10, 2013
    risk 0.00cvss epss 0.01

    IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to…

  • CVE-2013-0518May 10, 2013
    risk 0.00cvss epss 0.01

    IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a…

  • CVE-2013-0600May 9, 2013
    risk 0.00cvss epss 0.03

    Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors.

  • CVE-2013-0582May 2, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows…

  • CVE-2013-0535May 2, 2013
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-0538May 1, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49.

  • CVE-2013-0127May 1, 2013
    risk 0.00cvss epss 0.04

    IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka…

  • CVE-2012-5947Apr 30, 2013
    risk 0.00cvss epss 0.04

    Buffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2012-5945Apr 30, 2013
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allow remote attackers to execute arbitrary code via a long (1) ComboList or (2) ColComboList property value.

  • CVE-2013-0553Apr 28, 2013
    risk 0.00cvss epss 0.01

    The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to individual chat users, or to all…

  • CVE-2013-0533Apr 28, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Sametime Links server in IBM Sametime 8.0.2 through 8.5.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-0593Apr 27, 2013
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS SamplePower 3.0 before 3.0-IM-S3SAMPC-WIN32-FP001 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2013-0572Apr 27, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote authenticated users to inject content, and conduct…

  • CVE-2013-0571Apr 27, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote attackers to inject arbitrary web script or HTML via a…

Page 139 of 166