IBM

All CVEs

8,253 total · sorted by risk
  • CVE-2016-9725 · Med · Mar 7, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. IBM Reference #: 1999539.

  • CVE-2016-9720 · Med · Mar 7, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    IBM QRadar 7.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Reference #: 1999533.

  • CVE-2016-5932 · Med · Mar 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2016-6055 · Med · Feb 23, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2016-8968 · Med · Feb 15, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515.

  • CVE-2016-6077 · Med · Feb 15, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584.

  • CVE-2017-1121 · Med · Feb 13, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2016-0310 · Med · Feb 8, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.

  • CVE-2016-0305 · Med · Feb 8, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting…

  • CVE-2016-0210 · Med · Feb 8, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive…

  • CVE-2017-1128 · Med · Feb 8, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2017-1127 · Med · Feb 8, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2016-6032 · Med · Feb 8, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-6099 · Med · Feb 2, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.

  • CVE-2016-8999 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS.

  • CVE-2016-8982 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.

  • CVE-2016-8977 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.

  • CVE-2016-8929 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

  • CVE-2016-5942 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-5940 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-2992 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-2924 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the…

  • CVE-2016-0218 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser…

  • CVE-2016-0217 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in…

  • CVE-2016-6117 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information.

  • CVE-2016-9731 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-8943 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-8934 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-8920 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-8911 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly…

  • CVE-2016-6125 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-6123 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-6080 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker.

  • CVE-2016-6072 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-6061 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-6054 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-6047 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-6046 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-6039 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-6030 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-5980 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-5951 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-5948 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-5899 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-5897 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

  • CVE-2016-5896 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.

  • CVE-2016-5880 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-3035 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server.

  • CVE-2016-3023 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names.

  • CVE-2016-0265 · Med · Feb 1, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web…
