Vulnerabilities in IBM Corporation

288 results

CVE-2016-8977—IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be usedEPSS 1.1%CVE-2016-8918—IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.EPSS 1.1%CVE-2016-6102—IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauEPSS 1.1%CVE-2018-9068—The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. TEPSS 1.1%CVE-2016-8986—IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTEPSS 1.0%CVE-2016-5934—IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-EPSS 1.0%CVE-2016-6080—The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker.EPSS 1.0%CVE-2016-3021—IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specialEPSS 1.0%CVE-2016-3035—IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server.EPSS 1.0%CVE-2016-6099—IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount furEPSS 1.0%CVE-2016-5896—IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.EPSS 1.0%CVE-2016-9008—IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent.EPSS 1.0%CVE-2016-6112—IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and EPSS 1.0%CVE-2016-6034—IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of prEPSS 1.0%CVE-2016-5950—IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.EPSS 1.0%CVE-2016-5988—IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be avEPSS 1.0%CVE-2017-1154—IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which sEPSS 1.0%CVE-2016-8928—IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow theEPSS 1.0%CVE-2016-8930—IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow theEPSS 1.0%CVE-2017-1120—IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code iEPSS 1.0%

← previouspage 5 / 15next →