Vulmon Recent Vulnerabilities Discussions Trends About Contact

ibm vulnerabilities and exploits

9.3
CVSSv2
CVE-2012-5947

Buffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via unspecified vectors....

IbmSpss Samplepower
3.5
CVSSv2
CVE-2013-5418

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL....

IbmWebsphere Application Server
10
CVSSv2
CVE-2008-4404

The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message...

IbmZseries
1.9
CVSSv2
CVE-2017-1346

IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461....

IbmBusiness Process Manager
6.4
CVSSv2
CVE-2018-1539

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561....

IbmRational Engineering Lifecycle Manager
6.8
CVSSv2
CVE-2015-1894

Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences....

IbmOptim Workload Replay
4
CVSSv2
CVE-2012-4861

The web server in InfoSphere Data Replication Dashboard in IBM InfoSphere Replication Server 9.7 and 10.1 through 10.1.0.4 allows remote authenticated users to list directories via a direct request for a directory URL....

IbmInfosphere Replication Server
5.8
CVSSv2
CVE-2012-4824

Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter....

IbmLotus Notes Traveler
2.1
CVSSv2
CVE-2017-1478

IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613....

IbmSecurity Access Manager 9.0 Firmware
5
CVSSv2
CVE-2011-1046

IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to...

IbmFilenet P8 Business Process ManagerFilenet P8 Content EngineFilenet P8 Content Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-11391CVE-2019-2719CVE-2019-2695oracleone-to-one fulfillmentcross-site request forgerymysqlcrm technical foundationCVE-2019-11218CVE-2019-2671unauthorizedinformation disclosureCVE-2019-8507