IBM

All CVEs

8,260 total · sorted by risk
  • CVE-2017-1515 · Med · Jan 26, 2018
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825.

  • CVE-2015-7484 · Med · Jan 16, 2018
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force…

  • CVE-2017-1727 · Med · Jan 4, 2018
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.

  • CVE-2017-1557 · Med · Jan 2, 2018
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547.

  • CVE-2017-1191 · Med · Dec 27, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661.

  • CVE-2017-1257 · Med · Dec 20, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684.

  • CVE-2017-1507 · Med · Dec 11, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.

  • CVE-2017-1481 · Med · Dec 7, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619.

  • CVE-2017-1342 · Med · Dec 7, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could be used to conduct further attacks. IBM X-Force ID: 126457.

  • CVE-2017-1570 · Med · Nov 27, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.

  • CVE-2017-1484 · Med · Nov 27, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622.

  • CVE-2017-1283 · Med · Nov 27, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.

  • CVE-2017-1251 · Med · Nov 27, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631.

  • CVE-2017-1240 · Med · Nov 27, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.

  • CVE-2016-6024 · Med · Nov 27, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.

  • CVE-2017-1226 · Med · Oct 26, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks against the system. IBM X-Force ID: 123905.

  • CVE-2017-1295 · Med · Oct 25, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM RSA DM contains an unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157.

  • CVE-2017-1241 · Med · Oct 25, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523.

  • CVE-2017-1555 · Med · Sep 25, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.

  • CVE-2016-2976 · Med · Aug 29, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936.

  • CVE-2016-2966 · Med · Aug 29, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847.

  • CVE-2016-0358 · Med · Aug 29, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928.

  • CVE-2016-2977 · Med · Aug 29, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users' hands in the meeting. IBM X-Force ID: 113937.

  • CVE-2016-2969 · Med · Aug 29, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850.

  • CVE-2016-2959 · Med · Aug 29, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary manager's privileges. IBM X-Force ID: 113804.

  • CVE-2016-10503 · Med · Aug 29, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. IBM X-Force ID: 113803.

  • CVE-2016-2970 · Med · Aug 29, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851.

  • CVE-2017-1377 · Med · Aug 10, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system. IBM X-Force ID: 126874.

  • CVE-2017-1357 · Med · Aug 9, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.

  • CVE-2016-6018 · Med · Jul 19, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738.

  • CVE-2017-1157 · Med · Jul 5, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788.

  • CVE-2016-9700 · Med · Jul 5, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528.

  • CVE-2017-1326 · Med · Jun 22, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060.

  • CVE-2017-1099 · Med · Jun 13, 2017
    risk 0.28 · cvss 4.3 · epss 0.03

    IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.

  • CVE-2016-8987 · Med · Jun 8, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view.

  • CVE-2016-3051 · Med · Jun 7, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714.

  • CVE-2016-9735 · Med · May 15, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781.

  • CVE-2017-1141 · Med · Apr 28, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907.

  • CVE-2016-9978 · Med · Apr 20, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254.

  • CVE-2016-8923 · Med · Apr 20, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536.

  • CVE-2017-1152 · Med · Apr 14, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.

  • CVE-2016-8926 · Med · Apr 14, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539.

  • CVE-2017-1171 · Med · Mar 31, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    The IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083.

  • CVE-2017-1155 · Med · Mar 20, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754.

  • CVE-2016-8973 · Med · Mar 20, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960.

  • CVE-2016-9730 · Med · Mar 7, 2017
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1999549.

  • CVE-2016-6060 · Med · Feb 15, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547.

  • CVE-2016-0308 · Med · Feb 8, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Connections 5.5 and earlier is vulnerable to a possible link manipulation attack that could result in the display of inappropriate background images.

  • CVE-2016-0307 · Med · Feb 8, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.

  • CVE-2016-9748 · Med · Feb 8, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system.
