Filtered by vendor Ibm
Subscriptions
Total
7867 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-0202 | 1 Ibm | 1 Cognos Tm1 | 2025-04-11 | N/A |
| Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data. | ||||
| CVE-2012-0203 | 1 Ibm | 2 Infosphere Information Server, Infosphere Metadata Workbench | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-0205 | 1 Ibm | 2 Infosphere Information Server, Infosphere Metadata Workbench | 2025-04-11 | N/A |
| InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors. | ||||
| CVE-2012-0696 | 1 Ibm | 2 Cognos Executive Viewer, Cognos Tm1 | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js. | ||||
| CVE-2012-0700 | 1 Ibm | 2 Infosphere Fasttrack, Infosphere Information Server | 2025-04-11 | N/A |
| The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2012-0717 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors. | ||||
| CVE-2012-0712 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression. | ||||
| CVE-2012-0713 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2025-04-11 | N/A |
| Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors. | ||||
| CVE-2012-0714 | 1 Ibm | 6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2012-0715 | 1 Ibm | 2 Ilog Jviews Gantt, Tivoli Change And Configuration Management Database | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-0716 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-0720 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2012-0726 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | N/A |
| The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol. | ||||
| CVE-2012-0727 | 1 Ibm | 6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more | 2025-04-11 | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-0729 | 1 Ibm | 1 Rational Appscan | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors. | ||||
| CVE-2012-0730 | 1 Ibm | 1 Rational Appscan | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | ||||
| CVE-2012-0731 | 1 Ibm | 1 Rational Appscan | 2025-04-11 | N/A |
| IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2012-0732 | 1 Ibm | 1 Rational Appscan | 2025-04-11 | N/A |
| The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2012-0733 | 1 Ibm | 1 Rational Appscan | 2025-04-11 | N/A |
| IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account. | ||||
| CVE-2012-0734 | 1 Ibm | 1 Rational Appscan | 2025-04-11 | N/A |
| IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job. | ||||