VYPR

Vendor CVEs

IBM

All CVEs

8,253 total · sorted by risk
  • CVE-2017-1234MedJun 27, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123913.

  • CVE-2016-6083MedJun 27, 2017
    risk 0.35cvss 5.3epss 0.01

    IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696.

  • CVE-2017-1348MedJun 23, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2017-1132MedJun 23, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2016-9983MedJun 22, 2017
    risk 0.35cvss 5.3epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275.

  • CVE-2016-9747MedJun 22, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2017-1117MedJun 21, 2017
    risk 0.35cvss 5.3epss 0.01

    IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155.

  • CVE-2017-1104MedJun 13, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.…

  • CVE-2017-1102MedJun 13, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.…

  • CVE-2017-1101MedJun 13, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.…

  • CVE-2017-1100MedJun 13, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.…

  • CVE-2016-9973MedJun 13, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.

  • CVE-2017-1278MedJun 12, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756.

  • CVE-2017-1276MedJun 12, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2017-1247MedJun 12, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2017-1140MedJun 8, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-9736MedJun 8, 2017
    risk 0.35cvss 5.3epss 0.02

    IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information.

  • CVE-2014-4843MedJun 8, 2017
    risk 0.35cvss 5.3epss 0.01

    Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL.

  • CVE-2017-1305MedJun 7, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2016-9710MedJun 7, 2017
    risk 0.35cvss 5.3epss 0.02

    IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local system, which could allow the attacker to obtain sensitive information. IBM X-Force…

  • CVE-2016-5959MedJun 7, 2017
    risk 0.35cvss 5.3epss 0.01

    IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 116136.

  • CVE-2017-1292MedMay 26, 2017
    risk 0.35cvss 5.3epss 0.01

    IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.

  • CVE-2017-1291MedMay 26, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to…

  • CVE-2017-1320MedMay 22, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2017-1282MedMay 22, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2017-1159MedMay 22, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to…

  • CVE-2016-6035MedMay 10, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2016-5888MedMay 10, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2016-3032MedMay 10, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2016-9980MedApr 20, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2016-9979MedApr 20, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2017-1160MedApr 17, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2016-3038MedApr 17, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2016-0228MedApr 17, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236.

  • CVE-2016-8927MedApr 14, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within…

  • CVE-2017-1180MedApr 5, 2017
    risk 0.35cvss 5.3epss 0.01

    The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084.

  • CVE-2016-3031MedApr 5, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #:…

  • CVE-2016-3015MedApr 5, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #:…

  • CVE-2016-8935MedMar 31, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…

  • CVE-2016-6036MedMar 31, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2016-6031MedMar 31, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2016-6022MedMar 31, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.…

  • CVE-2017-1143MedMar 27, 2017
    risk 0.35cvss 5.3epss 0.01

    IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the…

  • CVE-2016-9737MedMar 27, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #:…

  • CVE-2016-6056MedMar 27, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2017-1146MedMar 20, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2016-9696MedMar 20, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 1999960.

  • CVE-2016-9694MedMar 20, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2016-9006MedMar 8, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference…

  • CVE-2017-1133MedMar 7, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.

Page 77 of 166