CVEdetails.com the ultimate security vulnerability data source

IBM : Security Vulnerabilities (CVSS score between 7 and 7.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2016-0391 284 2016-07-02 2016-07-07
7.5
None Remote Low Not required Partial Partial Partial
The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
2 CVE-2016-0271 264 2016-07-07 2016-07-08
7.2
Admin Local Low Not required Complete Complete Complete
The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors.
3 CVE-2016-0230 264 2016-07-07 2016-07-08
7.2
Admin Local Low Not required Complete Complete Complete
IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors.
4 CVE-2016-0224 89 Exec Code Sql 2016-06-27 2016-06-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
5 CVE-2015-8522 119 Exec Code Overflow 2016-04-05 2016-04-06
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8521.
6 CVE-2015-8521 119 Exec Code Overflow 2016-04-05 2016-04-06
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522.
7 CVE-2015-8520 119 Exec Code Overflow 2016-04-05 2016-04-06
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8521, and CVE-2015-8522.
8 CVE-2015-8519 119 Exec Code Overflow 2016-04-05 2016-04-06
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8520, CVE-2015-8521, and CVE-2015-8522.
9 CVE-2015-7820 362 Dir. Trav. 2015-11-11 2015-11-12
7.1
None Remote Medium Not required Complete None None
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.
10 CVE-2015-7818 264 Exec Code 2015-11-11 2015-11-12
7.2
None Local Low Not required Complete Complete Complete
The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.
11 CVE-2015-7817 362 Dir. Trav. 2015-11-11 2015-11-12
7.1
None Remote Medium Not required Complete None None
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443.
12 CVE-2015-7489 264 +Priv 2015-12-31 2016-01-05
7.2
None Local Low Not required Complete Complete Complete
IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script.
13 CVE-2015-7419 399 DoS 2015-11-13 2015-11-16
7.8
None Remote Low Not required None None Complete
IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows remote attackers to cause a denial of service (memory consumption) via crafted requests.
14 CVE-2015-5043 264 2015-11-08 2015-11-09
7.2
Admin Local Low Not required Complete Complete Complete
diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, 9.5, and 10.0 before p6015 allows local users to obtain root access via unspecified key sequences.
15 CVE-2015-5040 119 DoS Exec Code Overflow 2015-10-29 2015-10-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994.
16 CVE-2015-5038 DoS 2016-01-03 2016-08-04
7.8
None Remote Low Not required None None Complete
IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service (CPU consumption and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
17 CVE-2015-4994 119 DoS Exec Code Overflow 2015-10-29 2015-10-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-5040.
18 CVE-2015-4988 22 Dir. Trav. 2016-01-18 2016-01-21
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors.
19 CVE-2015-4974 77 Exec Code 2015-10-25 2015-10-26
7.2
None Local Low Not required Complete Complete Complete
IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors.
20 CVE-2015-4963 17 2015-11-08 2015-11-09
7.5
None Remote Low Not required Partial Partial Partial
IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors.
21 CVE-2015-4927 264 +Priv 2015-11-03 2015-11-04
7.2
None Local Low Not required Complete Complete Complete
The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file.
22 CVE-2015-2023 119 Overflow +Priv 2016-01-02 2016-01-07
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.
23 CVE-2015-1992 +Priv 2015-08-23 2015-08-24
7.2
None Local Low Not required Complete Complete Complete
IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 improperly processes events, which allows local users to gain privileges via unspecified vectors.
24 CVE-2015-1987 399 DoS 2015-08-03 2015-08-04
7.8
None Remote Low Not required None None Complete
IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1958.
25 CVE-2015-1965 119 DoS Overflow 2015-06-30 2015-07-01
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, and CVE-2015-1964.
26 CVE-2015-1964 119 DoS Overflow 2015-06-30 2015-07-01
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, and CVE-2015-1965.
27 CVE-2015-1963 119 DoS Overflow 2015-06-30 2015-07-01
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1964, and CVE-2015-1965.
28 CVE-2015-1962 119 DoS Overflow 2015-06-30 2015-07-01
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965.
29 CVE-2015-1958 399 DoS 2015-08-03 2015-08-04
7.8
None Remote Low Not required None None Complete
IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1987.
30 CVE-2015-1956 399 DoS 2015-08-03 2015-08-04
7.8
None Remote Low Not required None None Complete
IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1958 and CVE-2015-1987.
31 CVE-2015-1955 399 DoS 2015-08-03 2015-08-04
7.8
None Remote Low Not required None None Complete
IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a crafted byte sequence in authentication data.
32 CVE-2015-1954 119 DoS Overflow 2015-06-30 2015-07-01
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965.
33 CVE-2015-1953 119 DoS Overflow 2015-06-30 2015-07-01
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965.
34 CVE-2015-1948 119 DoS Overflow 2015-06-30 2015-07-01
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965.
35 CVE-2015-1943 399 DoS 2015-09-14 2015-09-15
7.8
None Remote Low Not required None None Complete
IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.
36 CVE-2015-1941 200 +Info 2015-06-30 2015-07-01
7.8
None Remote Low Not required Complete None None
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port.
37 CVE-2015-1937 284 2015-05-30 2015-06-02
7.5
None Remote Low Not required Partial Partial Partial
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.
38 CVE-2015-1930 119 DoS Overflow 2015-06-30 2015-07-01
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965.
39 CVE-2015-1929 119 DoS Overflow 2015-06-30 2015-07-01
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965.
40 CVE-2015-1925 119 DoS Overflow 2015-06-30 2015-07-01
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965.
41 CVE-2015-1924 119 DoS Overflow 2015-06-30 2015-07-01
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965.
42 CVE-2015-1923 119 DoS Overflow 2015-06-30 2015-07-01
7.8
None Remote Low Not required None None Complete
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
43 CVE-2015-1900 264 2015-06-29 2016-08-03
7.2
Admin Local Low Not required Complete Complete Complete
IBM InfoSphere DataStage 8.1, 8.5, 8.7, 9.1, and 11.3 through 11.3.1.2 on UNIX allows local users to write to executable files, and consequently obtain root privileges, via unspecified vectors.
44 CVE-2015-1899 399 DoS 2015-05-24 2015-05-26
7.8
None Remote Low Not required None None Complete
IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
45 CVE-2015-1898 119 Overflow +Priv 2015-04-15 2016-08-03
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1897.
46 CVE-2015-1897 119 Overflow +Priv 2015-04-15 2015-10-05
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1898.
47 CVE-2015-1886 399 DoS 2015-04-27 2016-08-03
7.8
None Remote Low Not required None None Complete
The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests.
48 CVE-2015-1836 284 DoS +Info 2015-12-21 2015-12-22
7.5
None Remote Low Not required Partial Partial Partial
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.
49 CVE-2015-0197 264 2015-03-23 2015-03-24
7.2
Admin Local Low Not required Complete Complete Complete
IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to obtain root privileges for program execution via unspecified vectors.
50 CVE-2015-0192 +Priv 2015-07-02 2015-07-07
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.
Total number of vulnerabilities: 450. Page 1 of 9.