| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741. |
| IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777. |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778. |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123849. |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850. |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851. |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852. |
| IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854. |
| IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857 |
| IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858. |
| IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859. |
| IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123860. |
| IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861. |
| IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494. |
| IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487. |
| IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788. |
| IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957. |
| IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891. |
| IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892. |
| IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the www-data user. IBM X-Force ID: 122956. |
