| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors. |
| IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. |
| Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output. |
| The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors. |
| Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL. |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
| netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors. |
| IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942. |
| IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4943. |
| IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors. |
| IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation. |
| Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4934. |
| Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4935. |
| Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4934, and CVE-2015-4935. |
| IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access. |
| The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack. |
| IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file. |
| Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields. |
| IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request. |
