VYPR

Vendor CVEs

IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2017-1499HigFeb 14, 2018
    risk 0.57cvss 8.8epss 0.02

    IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.

  • CVE-2017-1731HigJan 30, 2018
    risk 0.57cvss 8.8epss 0.03

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges.

  • CVE-2017-1769HigJan 24, 2018
    risk 0.57cvss 8.8epss 0.01

    IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.

  • CVE-2016-0335HigJan 12, 2018
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown…

  • CVE-2016-0324HigJan 12, 2018
    risk 0.57cvss 8.8epss 0.04

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640.

  • CVE-2017-1672HigJan 4, 2018
    risk 0.57cvss 8.8epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639.

  • CVE-2017-1757HigDec 20, 2017
    risk 0.57cvss 8.8epss 0.02

    IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.

  • CVE-2017-1746HigDec 20, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.

  • CVE-2017-1696HigDec 20, 2017
    risk 0.57cvss 8.8epss 0.03

    IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178.

  • CVE-2017-1631HigDec 20, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140.

  • CVE-2017-1606HigDec 11, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end…

  • CVE-2017-1356HigDec 7, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683.

  • CVE-2017-1453HigNov 13, 2017
    risk 0.57cvss 8.8epss 0.03

    IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID:…

  • CVE-2017-1300HigNov 1, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.

  • CVE-2017-1311HigOct 3, 2017
    risk 0.57cvss 8.8epss 0.02

    IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719.

  • CVE-2017-1407HigSep 28, 2017
    risk 0.57cvss 8.8epss 0.03

    IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.…

  • CVE-2017-1539HigSep 26, 2017
    risk 0.57cvss 8.8epss 0.02

    IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID:…

  • CVE-2014-6106HigSep 18, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via…

  • CVE-2014-9565HigSep 7, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier.

  • CVE-2017-1097HigSep 5, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.

  • CVE-2017-1442HigAug 30, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107.

  • CVE-2017-1440HigAug 30, 2017
    risk 0.57cvss 8.8epss 0.03

    IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable…

  • CVE-2014-8900HigAug 28, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier.

  • CVE-2017-1174HigAug 10, 2017
    risk 0.57cvss 8.8epss 0.02

    IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296.

  • CVE-2014-8903HigAug 2, 2017
    risk 0.57cvss 8.8epss 0.02

    IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors.

  • CVE-2016-9716HigJul 31, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729.

  • CVE-2016-9714HigJul 31, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727.

  • CVE-2017-1373HigJul 21, 2017
    risk 0.57cvss 8.8epss 0.02

    Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866.

  • CVE-2017-1371HigJul 21, 2017
    risk 0.57cvss 8.8epss 0.01

    Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864.

  • CVE-2017-1218HigJul 19, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858.

  • CVE-2017-1318HigJul 18, 2017
    risk 0.57cvss 8.8epss 0.03

    IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730.

  • CVE-2017-1347HigJun 23, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462.

  • CVE-2016-9984HigJun 13, 2017
    risk 0.57cvss 8.8epss 0.02

    IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276.

  • CVE-2016-9977HigJun 7, 2017
    risk 0.57cvss 8.8epss 0.02

    IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID:…

  • CVE-2016-6112HigMay 22, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.

  • CVE-2016-5889HigMay 10, 2017
    risk 0.57cvss 8.8epss 0.00

    IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 115085.

  • CVE-2017-1156HigMay 5, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a…

  • CVE-2017-1194HigApr 28, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.

  • CVE-2017-1205HigApr 14, 2017
    risk 0.57cvss 8.8epss 0.00

    IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741.

  • CVE-2016-6100HigApr 5, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted…

  • CVE-2016-8917HigMar 31, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943.

  • CVE-2017-1153HigMar 27, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.

  • CVE-2016-8960HigMar 27, 2017
    risk 0.57cvss 8.8epss 0.02

    IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM…

  • CVE-2016-9726HigMar 7, 2017
    risk 0.57cvss 8.8epss 0.02

    IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542.

  • CVE-2016-8940HigMar 7, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators.…

  • CVE-2016-9975HigFeb 24, 2017
    risk 0.57cvss 8.8epss 0.00

    IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714.

  • CVE-2016-6033HigFeb 15, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995545.

  • CVE-2016-6103HigFeb 2, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

  • CVE-2016-8932HigFeb 1, 2017
    risk 0.57cvss 8.8epss 0.02

    IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

  • CVE-2016-8931HigFeb 1, 2017
    risk 0.57cvss 8.8epss 0.02

    IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

Page 3 of 166