Vendor CVEs
IBM
All CVEs
8,287 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1361 | Med | 0.40 | 6.1 | 0.01 | Jan 11, 2018 | IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force… | ||
| CVE-2017-1623 | Med | 0.40 | 6.1 | 0.01 | Jan 10, 2018 | IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121. | ||
| CVE-2017-1534 | Med | 0.40 | 6.1 | 0.01 | Jan 10, 2018 | IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL… | ||
| CVE-2017-1533 | Med | 0.40 | 6.1 | 0.01 | Jan 10, 2018 | IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.… | ||
| CVE-2017-1668 | Med | 0.40 | 6.1 | 0.01 | Jan 9, 2018 | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL… | ||
| CVE-2017-1673 | Med | 0.40 | 6.1 | 0.01 | Jan 4, 2018 | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted… | ||
| CVE-2017-1262 | Med | 0.40 | 6.1 | 0.01 | Dec 20, 2017 | IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further… | ||
| CVE-2017-1558 | Med | 0.40 | 6.1 | 0.01 | Dec 13, 2017 | IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to… | ||
| CVE-2017-1421 | Med | 0.40 | 6.1 | 0.01 | Dec 13, 2017 | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||
| CVE-2017-1521 | Med | 0.40 | 6.1 | 0.01 | Oct 26, 2017 | IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality… | ||
| CVE-2017-1503 | Med | 0.40 | 6.1 | 0.02 | Oct 10, 2017 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the… | ||
| CVE-2017-1591 | Med | 0.40 | 6.1 | 0.01 | Sep 28, 2017 | IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted… | ||
| CVE-2017-1551 | Med | 0.40 | 6.1 | 0.01 | Sep 25, 2017 | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch… | ||
| CVE-2017-1189 | Med | 0.40 | 6.1 | 0.01 | Sep 7, 2017 | IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a… | ||
| CVE-2017-1457 | Med | 0.40 | 6.1 | 0.01 | Sep 5, 2017 | IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force… | ||
| CVE-2017-1450 | Med | 0.40 | 6.1 | 0.01 | Aug 31, 2017 | IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a… | ||
| CVE-2017-1443 | Med | 0.40 | 6.1 | 0.01 | Aug 30, 2017 | IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM… | ||
| CVE-2017-1428 | Med | 0.40 | 6.1 | 0.01 | Aug 29, 2017 | IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks… | ||
| CVE-2017-1427 | Med | 0.40 | 6.1 | 0.01 | Aug 29, 2017 | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:… | ||
| CVE-2017-1195 | Med | 0.40 | 6.1 | 0.01 | Aug 29, 2017 | IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL… | ||
| CVE-2017-1489 | Med | 0.40 | 6.1 | 0.01 | Aug 29, 2017 | IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. | ||
| CVE-2015-0101 | Med | 0.40 | 6.1 | 0.01 | Aug 28, 2017 | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced… | ||
| CVE-2014-9564 | Med | 0.40 | 6.1 | 0.01 | Aug 25, 2017 | CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site… | ||
| CVE-2014-6189 | Med | 0.40 | 6.1 | 0.01 | Aug 22, 2017 | Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified… | ||
| CVE-2017-1327 | Med | 0.40 | 6.1 | 0.01 | Aug 3, 2017 | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062. | ||
| CVE-2017-1500 | Med | 0.40 | 6.1 | 0.01 | Aug 1, 2017 | A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in… | ||
| CVE-2017-1332 | Med | 0.40 | 6.1 | 0.01 | Jul 31, 2017 | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234. | ||
| CVE-2017-1303 | Med | 0.40 | 6.1 | 0.01 | Jul 31, 2017 | IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure… | ||
| CVE-2017-1223 | Med | 0.40 | 6.1 | 0.01 | Jul 19, 2017 | IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to… | ||
| CVE-2017-1203 | Med | 0.40 | 6.1 | 0.01 | Jul 19, 2017 | IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials… | ||
| CVE-2017-1321 | Med | 0.40 | 6.1 | 0.01 | Jul 12, 2017 | IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted… | ||
| CVE-2016-8947 | Med | 0.40 | 6.1 | 0.01 | Jul 12, 2017 | IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to… | ||
| CVE-2017-1398 | Med | 0.40 | 6.1 | 0.01 | Jul 10, 2017 | IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this… | ||
| CVE-2017-1256 | Med | 0.40 | 6.1 | 0.01 | Jul 5, 2017 | IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force… | ||
| CVE-2017-1217 | Med | 0.40 | 6.1 | 0.01 | Jul 5, 2017 | IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force… | ||
| CVE-2017-1304 | Med | 0.40 | 6.2 | 0.00 | Jun 21, 2017 | IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to… | ||
| CVE-2017-1178 | Med | 0.40 | 6.1 | 0.01 | Jun 7, 2017 | IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted… | ||
| CVE-2017-1325 | Med | 0.40 | 6.1 | 0.01 | May 26, 2017 | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976. | ||
| CVE-2016-0255 | Med | 0.40 | 6.1 | 0.01 | May 5, 2017 | IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser… | ||
| CVE-2016-9990 | Med | 0.40 | 6.1 | 0.01 | Mar 31, 2017 | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #:… | ||
| CVE-2017-1120 | Med | 0.40 | 6.1 | 0.01 | Mar 27, 2017 | IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference… | ||
| CVE-2016-9723 | Med | 0.40 | 6.1 | 0.01 | Mar 7, 2017 | IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534. | ||
| CVE-2016-9693 | Med | 0.40 | 6.1 | 0.01 | Mar 7, 2017 | IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the… | ||
| CVE-2016-8232 | Med | 0.40 | 6.1 | 0.01 | Mar 1, 2017 | Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted… | ||
| CVE-2016-5883 | Med | 0.40 | 6.1 | 0.01 | Feb 23, 2017 | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #:… | ||
| CVE-2016-6062 | Med | 0.40 | 6.1 | 0.01 | Feb 16, 2017 | IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM… | ||
| CVE-2016-9010 | Med | 0.40 | 6.1 | 0.01 | Feb 15, 2017 | IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch… | ||
| CVE-2016-5902 | Med | 0.40 | 6.1 | 0.01 | Feb 8, 2017 | IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||
| CVE-2016-6096 | Med | 0.40 | 6.1 | 0.01 | Feb 7, 2017 | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted… | ||
| CVE-2016-6092 | Med | 0.40 | 6.2 | 0.00 | Feb 7, 2017 | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user. |
- risk 0.40cvss 6.1epss 0.01
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…
- risk 0.40cvss 6.1epss 0.01
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121.
- risk 0.40cvss 6.1epss 0.01
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL…
- risk 0.40cvss 6.1epss 0.01
IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.…
- risk 0.40cvss 6.1epss 0.01
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL…
- risk 0.40cvss 6.1epss 0.01
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
- risk 0.40cvss 6.1epss 0.01
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further…
- risk 0.40cvss 6.1epss 0.01
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to…
- risk 0.40cvss 6.1epss 0.01
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
- risk 0.40cvss 6.1epss 0.01
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…
- risk 0.40cvss 6.1epss 0.02
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the…
- risk 0.40cvss 6.1epss 0.01
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
- risk 0.40cvss 6.1epss 0.01
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch…
- risk 0.40cvss 6.1epss 0.01
IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…
- risk 0.40cvss 6.1epss 0.01
IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…
- risk 0.40cvss 6.1epss 0.01
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a…
- risk 0.40cvss 6.1epss 0.01
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…
- risk 0.40cvss 6.1epss 0.01
IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks…
- risk 0.40cvss 6.1epss 0.01
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
- risk 0.40cvss 6.1epss 0.01
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL…
- risk 0.40cvss 6.1epss 0.01
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced…
- risk 0.40cvss 6.1epss 0.01
CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site…
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified…
- risk 0.40cvss 6.1epss 0.01
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062.
- risk 0.40cvss 6.1epss 0.01
A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in…
- risk 0.40cvss 6.1epss 0.01
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234.
- risk 0.40cvss 6.1epss 0.01
IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…
- risk 0.40cvss 6.1epss 0.01
IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to…
- risk 0.40cvss 6.1epss 0.01
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…
- risk 0.40cvss 6.1epss 0.01
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
- risk 0.40cvss 6.1epss 0.01
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to…
- risk 0.40cvss 6.1epss 0.01
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this…
- risk 0.40cvss 6.1epss 0.01
IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…
- risk 0.40cvss 6.1epss 0.01
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…
- risk 0.40cvss 6.2epss 0.00
IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to…
- risk 0.40cvss 6.1epss 0.01
IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
- risk 0.40cvss 6.1epss 0.01
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976.
- risk 0.40cvss 6.1epss 0.01
IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser…
- risk 0.40cvss 6.1epss 0.01
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #:…
- risk 0.40cvss 6.1epss 0.01
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference…
- risk 0.40cvss 6.1epss 0.01
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.
- risk 0.40cvss 6.1epss 0.01
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the…
- risk 0.40cvss 6.1epss 0.01
Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted…
- risk 0.40cvss 6.1epss 0.01
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #:…
- risk 0.40cvss 6.1epss 0.01
IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…
- risk 0.40cvss 6.1epss 0.01
IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch…
- risk 0.40cvss 6.1epss 0.01
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
- risk 0.40cvss 6.1epss 0.01
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
- risk 0.40cvss 6.2epss 0.00
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user.
Page 40 of 166