Filtered by vendor Ibm
Subscriptions
Total
8140 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6118 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2025-04-20 | N/A |
| IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118356. | ||||
| CVE-2016-8913 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | N/A |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2016-6100 | 1 Ibm | 2 Disposal And Governance Management For It, Global Retention Policy And Schedule Management | 2025-04-20 | N/A |
| IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000771. | ||||
| CVE-2016-6099 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-04-20 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. | ||||
| CVE-2016-6104 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-04-20 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system. | ||||
| CVE-2016-6097 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2025-04-20 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. | ||||
| CVE-2016-6092 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2025-04-20 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user. | ||||
| CVE-2016-6098 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2025-04-20 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | ||||
| CVE-2016-6103 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-04-20 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2016-6087 | 1 Ibm | 1 Domino | 2025-04-20 | 9.8 Critical |
| IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918. | ||||
| CVE-2016-6085 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | N/A |
| IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. | ||||
| CVE-2016-6089 | 1 Ibm | 1 Websphere Mq | 2025-04-20 | N/A |
| IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926. | ||||
| CVE-2016-6083 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-20 | N/A |
| IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696. | ||||
| CVE-2016-6084 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | N/A |
| IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. | ||||
| CVE-2016-6090 | 1 Ibm | 1 Websphere Commerce | 2025-04-20 | 9.8 Critical |
| IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service. | ||||
| CVE-2016-6105 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-04-20 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | ||||
| CVE-2016-8915 | 1 Ibm | 1 Websphere Mq | 2025-04-20 | N/A |
| IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649. | ||||
| CVE-2016-6062 | 1 Ibm | 1 Resilient | 2025-04-20 | N/A |
| IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference#: 213457065. | ||||
| CVE-2016-6061 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | N/A |
| IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2016-6065 | 1 Ibm | 1 Security Guardium | 2025-04-20 | N/A |
| IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. | ||||