CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1092 285 Exec Code 2017-05-22 2017-06-01
10.0
None Remote Low Not required Complete Complete Complete
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
2 CVE-2016-9726 20 Exec Code 2017-03-07 2017-03-09
9.0
None Remote Low Single system Complete Complete Complete
IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542.
3 CVE-2016-9691 611 DoS 2017-05-05 2017-05-12
9.0
None Remote Low Not required Partial Partial Complete
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515.
4 CVE-2016-8938 284 Exec Code 2017-02-01 2017-02-13
10.0
None Remote Low Not required Complete Complete Complete
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.
5 CVE-2016-6115 119 Exec Code Overflow 2017-02-01 2017-02-15
9.0
None Remote Low Single system Complete Complete Complete
IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.
6 CVE-2016-6090 DoS 2017-02-01 2017-02-07
10.0
None Remote Low Not required Complete Complete Complete
IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service.
7 CVE-2016-6082 416 Exec Code 2017-02-01 2017-02-08
10.0
None Remote Low Not required Complete Complete Complete
IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system.
8 CVE-2016-6042 119 Exec Code Overflow 2017-02-01 2017-02-09
9.3
None Remote Medium Not required Complete Complete Complete
IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system in the same context as the victim.
9 CVE-2016-4448 2016-06-09 2017-02-28
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
10 CVE-2016-3028 78 Exec Code 2016-11-24 2016-11-28
9.0
None Remote Low Single system Complete Complete Complete
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
11 CVE-2016-2875 77 Exec Code 2016-08-07 2016-11-28
9.0
None Remote Low Single system Complete Complete Complete
IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors.
12 CVE-2016-0375 264 2016-06-30 2016-07-08
9.0
None Remote Low Single system Complete Complete Complete
JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1.2.0.3, and 2.0.x through 2.0.0.0 allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors.
13 CVE-2016-0236 77 Exec Code 2016-10-21 2016-11-28
9.0
None Remote Low Single system Complete Complete Complete
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field.
14 CVE-2016-0216 119 DoS Overflow 2016-02-29 2016-03-03
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0213.
15 CVE-2016-0213 119 DoS Overflow 2016-02-29 2016-03-03
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0216.
16 CVE-2016-0212 119 DoS Overflow 2016-02-29 2016-03-03
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0213 and CVE-2016-0216.
17 CVE-2015-7450 94 Exec Code 2016-01-02 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
18 CVE-2015-7426 78 Exec Code 2016-01-02 2016-01-07
10.0
None Remote Low Not required Complete Complete Complete
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
19 CVE-2015-7425 264 2016-02-21 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.
20 CVE-2015-7411 264 +Priv 2016-03-11 2016-12-02
9.0
Admin Remote Low Single system Complete Complete Complete
The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors.
21 CVE-2015-5014 20 2015-10-25 2015-10-26
9.3
None Remote Medium Not required Complete Complete Complete
IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation.
22 CVE-2015-4947 119 Exec Code Overflow 2015-09-15 2016-12-21
9.0
None Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote authenticated users to execute arbitrary code via unspecified vectors.
23 CVE-2015-4935 119 Exec Code Overflow 2015-08-03 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4934.
24 CVE-2015-4934 119 Exec Code Overflow 2015-08-03 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4935.
25 CVE-2015-4933 119 Exec Code Overflow 2015-08-03 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4934, and CVE-2015-4935.
26 CVE-2015-4932 119 Exec Code Overflow 2015-08-03 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935.
27 CVE-2015-4931 119 Exec Code Overflow 2015-08-03 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4932, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935.
28 CVE-2015-4930 77 Exec Code 2015-10-03 2016-11-28
9.0
None Remote Low Single system Complete Complete Complete
IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access.
29 CVE-2015-2016 Exec Code 2015-10-03 2015-10-05
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unknown vectors.
30 CVE-2015-2011 77 Exec Code 2015-10-03 2015-10-05
9.0
None Remote Low Single system Complete Complete Complete
The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.
31 CVE-2015-1986 77 Exec Code 2015-06-30 2016-12-30
10.0
None Remote Low Not required Complete Complete Complete
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938.
32 CVE-2015-1961 284 Exec Code Bypass 2015-07-13 2016-11-29
9.0
None Remote Low Single system Complete Complete Complete
The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.
33 CVE-2015-1949 77 Exec Code 2015-06-30 2016-12-27
10.0
None Remote Low Not required Complete Complete Complete
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors.
34 CVE-2015-1942 20 2015-06-30 2016-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to write to arbitrary files, and subsequently execute these files, via a crafted TCP packet to an unspecified port.
35 CVE-2015-1938 77 Exec Code 2015-06-30 2016-12-27
10.0
None Remote Low Not required Complete Complete Complete
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1986.
36 CVE-2015-1920 284 Exec Code 2015-05-19 2017-01-03
10.0
None Remote Low Not required Complete Complete Complete
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.
37 CVE-2015-1903 119 Exec Code Overflow 2015-05-20 2017-01-03
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y.
38 CVE-2015-1902 119 Exec Code Overflow 2015-05-20 2017-01-03
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA.
39 CVE-2015-1896 119 Exec Code Overflow 2015-05-24 2016-12-08
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows remote attackers to execute arbitrary code via unspecified vectors.
40 CVE-2015-1885 264 +Priv 2015-04-27 2016-12-21
9.3
None Remote Medium Not required Complete Complete Complete
WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vectors.
41 CVE-2015-0198 287 Bypass 2015-03-23 2016-12-30
10.0
Admin Remote Low Not required Complete Complete Complete
IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors.
42 CVE-2015-0160 264 Exec Code 2015-05-25 2015-05-26
9.0
Admin Remote Low Single system Complete Complete Complete
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors.
43 CVE-2015-0135 189 DoS Exec Code 2015-04-21 2015-09-02
10.0
None Remote Low Not required Complete Complete Complete
IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9.
44 CVE-2015-0134 119 Exec Code Overflow 2015-04-05 2016-08-24
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors.
45 CVE-2015-0117 DoS Exec Code Mem. Corr. 2015-04-05 2016-08-23
10.0
None Remote Low Not required Complete Complete Complete
The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM.
46 CVE-2014-9768 264 +Priv 2016-03-18 2016-03-21
9.0
None Remote Low Single system Complete Complete Complete
** DISPUTED ** IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability.
47 CVE-2014-8891 Exec Code 2015-03-06 2016-12-27
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.
48 CVE-2014-6221 310 2015-04-05 2016-11-28
9.4
None Remote Low Not required Complete Complete None
The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
49 CVE-2014-6158 22 Exec Code Dir. Trav. 2015-01-09 2017-01-02
9.0
None Remote Low Single system Complete Complete Complete
Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.
50 CVE-2014-6140 310 Exec Code 2014-12-06 2015-01-02
9.3
None Remote Medium Not required Complete Complete Complete
IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers' installations, which allows remote attackers to execute arbitrary code via crafted marshalled Ruby objects in cookies to (1) Enrollment and Apple iOS Management Extender, (2) Self-service portal, (3) Trusted Services provider, or (4) Admin Portal.
Total number of vulnerabilities : 366   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.