Filtered by vendor Ibm
Subscriptions
Total
7866 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-3301 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | N/A |
| Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers. | ||||
| CVE-2010-0714 | 1 Ibm | 4 Lotus Quickr, Lotus Web Content Management, Lotus Workplace Web Content Management and 1 more | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2011-3390 | 1 Ibm | 2 Informix, Openadmin Tool | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in IBM OpenAdmin Tool (OAT) before 2.72 for Informix allow remote attackers to inject arbitrary web script or HTML via the (1) informixserver, (2) host, or (3) port parameter in a login action. | ||||
| CVE-2012-4859 | 1 Ibm | 1 Tivoli Storage Manager For Space Management | 2025-04-11 | N/A |
| Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows local users to read or modify file system objects via unknown vectors. | ||||
| CVE-2024-27268 | 1 Ibm | 1 Websphere Application Server | 2025-04-10 | 5.9 Medium |
| IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574. | ||||
| CVE-2022-39164 | 1 Ibm | 2 Aix, Vios | 2025-04-10 | 6.2 Medium |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 235181. | ||||
| CVE-2022-41290 | 1 Ibm | 2 Aix, Vios | 2025-04-10 | 8.4 High |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690. | ||||
| CVE-2024-28784 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-10 | 5.4 Medium |
| IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893. | ||||
| CVE-2022-42435 | 1 Ibm | 1 Business Automation Workflow | 2025-04-10 | 4.3 Medium |
| IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054. | ||||
| CVE-2022-43844 | 2 Ibm, Redhat | 2 Robotic Process Automation For Cloud Pak, Openshift | 2025-04-10 | 8.8 High |
| IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081. | ||||
| CVE-2022-41740 | 3 Ibm, Microsoft, Redhat | 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more | 2025-04-10 | 4.6 Medium |
| IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053. | ||||
| CVE-2022-22352 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-10 | 5.4 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220398. | ||||
| CVE-2022-34330 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2025-04-10 | 6.1 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229469. | ||||
| CVE-2022-43920 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-10 | 6.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362. | ||||
| CVE-2021-38928 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-10 | 5.4 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 210323. | ||||
| CVE-2022-22371 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2025-04-10 | 5.5 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195. | ||||
| CVE-2022-22338 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-10 | 6.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510. | ||||
| CVE-2022-22337 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-10 | 4.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507. | ||||
| CVE-2022-22470 | 1 Ibm | 1 Security Verify Governance | 2025-04-10 | 4.1 Medium |
| IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232. | ||||
| CVE-1999-0011 | 8 Data General, Ibm, Isc and 5 more | 11 Dg Ux, Aix, Bind and 8 more | 2025-04-09 | 5.4 Medium |
| Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. | ||||