Search Results (8339 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-0467 1 Ibm 1 Data Studio 2025-04-11 N/A
IBM Eclipse Help System (IEHS), as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL.
CVE-2013-0466 1 Ibm 1 Websphere Message Broker 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject arbitrary web script or HTML via a wsdl request that is not properly handled during construction of an error message.
CVE-2013-0465 1 Ibm 1 Webshere Cast Iron Cloud Integration 2025-04-11 N/A
Unspecified vulnerability in the IBM WebSphere Cast Iron physical and virtual appliance 6.0 and 6.1 before 6.1.0.15 and 6.3 before 6.3.0.1, when LDAP authentication is enabled, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
CVE-2013-0464 1 Ibm 2 Eclipse Help System, Spss Data Collection 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2013-0463 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-04-11 N/A
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.
CVE-2013-0452 1 Ibm 2 Software Use Analysis, Tivoli Endpoint Manager 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages.
CVE-2012-6359 1 Ibm 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway 2025-04-11 N/A
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned attributes.
CVE-2012-6357 1 Ibm 3 Maximo Asset Management, Maximo Asset Management Essentials, Smartcloud Control Desk 2025-04-11 N/A
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.
CVE-2012-6356 1 Ibm 3 Maximo Asset Management, Maximo Asset Management Essentials, Smartcloud Control Desk 2025-04-11 N/A
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation.
CVE-2012-6355 1 Ibm 7 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 4 more 2025-04-11 N/A
IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order.
CVE-2012-6354 1 Ibm 2 San Volume Controller Software, Storwize V7000 2025-04-11 N/A
The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets.
CVE-2012-6352 1 Ibm 1 Sterling Connect 2025-04-11 N/A
The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data.
CVE-2012-6350 1 Ibm 1 Cognos Tm1 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Web component in IBM Cognos TM1 before 9.5.2 FP3 and 10.1 before 10.1 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6349 2 Autonomy, Ibm 2 Keyview Idol, Lotus Notes 2025-04-11 N/A
Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W.
CVE-2012-5941 1 Ibm 1 Netezza 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors.
CVE-2012-5940 1 Ibm 1 Netezza 2025-04-11 N/A
The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, allows remote attackers to discover credentials by sniffing the network during the authentication process.
CVE-2012-5939 1 Ibm 1 Tivoli Application Dependency Discovery Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2012-5938 3 Conectiva, Ibm, Novell 3 Linux, Infosphere Information Server, Unixware 2025-04-11 N/A
The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations.
CVE-2012-5937 1 Ibm 4 Gentran Integration Suite, Sterling B2b Integrator, Sterling File Gateway and 1 more 2025-04-11 N/A
Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors.
CVE-2012-5936 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-04-11 N/A
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.