Vulnerabilities in IBM Corporation
288 results

CVE-2016-5964—IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remot (EPSS 1.6%)
CVE-2016-5941—IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL (EPSS 1.6%)
CVE-2016-8960—IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege u (EPSS 1.5%)
CVE-2016-6059—IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processi (EPSS 1.5%)
CVE-2016-8980—IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML dat (EPSS 1.5%)
CVE-2016-9707—IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A (EPSS 1.5%)
CVE-2017-1161—IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for (EPSS 1.5%)
CVE-2016-8925—IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow (EPSS 1.4%)
CVE-2016-9691—IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) er (EPSS 1.4%)
CVE-2016-0214—IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to u (EPSS 1.4%)
CVE-2016-9740—IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of re (EPSS 1.4%)
CVE-2019-4392—HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access (EPSS 1.4%)
CVE-2016-8972—IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM (EPSS 1.4%)
CVE-2016-6068—IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role prop (EPSS 1.4%)
CVE-2016-5952—IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could (EPSS 1.4%)
CVE-2016-8962—IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to comprom (EPSS 1.3%)
CVE-2016-3027—IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when proces (EPSS 1.3%)
CVE-2016-9728—IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker (EPSS 1.3%)
CVE-2016-5949—IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. (EPSS 1.3%)
CVE-2017-1155—IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a special (EPSS 1.3%)