Filtered by vendor Ibm
Subscriptions
Total
7867 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4003 | 1 Ibm | 1 Tririga Application Platform | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3.1.1, and 8, allow remote authenticated users to inject arbitrary web script or HTML via (1) unspecified input to WebProcess.srv, (2) unspecified input to html/en/default/actionHandler/queryHandler.jsp, or (3) unspecified input in a portalSectionId action to html/en/default/reportTemplate/hGridTopQuery.jsp. | ||||
| CVE-2013-3990 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN98FLQ2. | ||||
| CVE-2010-1487 | 1 Ibm | 1 Lotus Notes | 2025-04-11 | N/A |
| IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG. | ||||
| CVE-2012-5946 | 1 Ibm | 1 Spss Samplepower | 2025-04-11 | N/A |
| Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string. | ||||
| CVE-2013-3988 | 1 Ibm | 1 Sametime | 2025-04-11 | N/A |
| The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | ||||
| CVE-2013-3986 | 1 Ibm | 1 Lotus Sametime | 2025-04-11 | N/A |
| IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension crash) via a crafted Audio Visual (AV) session. | ||||
| CVE-2013-3985 | 1 Ibm | 1 Lotus Sametime | 2025-04-11 | N/A |
| The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable. | ||||
| CVE-2011-1224 | 1 Ibm | 1 Websphere Mq | 2025-04-11 | N/A |
| IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application. | ||||
| CVE-2013-3979 | 2 Ibm, Microsoft | 2 Star Command Center, Internet Explorer | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\Content\Help\ in the Web Client in IBM Cognos Command Center (aka Star Command Center or Star Analytics) before 10.1, when Internet Explorer is used, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-3978 | 1 Ibm | 1 Sametime | 2025-04-11 | N/A |
| The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | ||||
| CVE-2013-3973 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-3972 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | N/A |
| IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2010-3271 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do. | ||||
| CVE-2013-3971 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | N/A |
| IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3049. | ||||
| CVE-2013-4013 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | N/A |
| IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2012-0188 | 1 Ibm | 2 Spss Data Collection, Spss Dimensions | 2025-04-11 | N/A |
| Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document. | ||||
| CVE-2013-3475 | 1 Ibm | 3 Db2, Db2 Connect, Smart Analytics System 7600 | 2025-04-11 | N/A |
| Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2011-1360 | 1 Ibm | 1 Http Server | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/. | ||||
| CVE-2013-3049 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | N/A |
| IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3971. | ||||
| CVE-2013-3048 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||