IBM: Security Vulnerabilities (Execute Code), page 1 of 10 (entries 1-50), as listed on cvedetails.com

Column layout (scores and metrics are CVSS v2; each entry below spans several lines):
Row line: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Second line: CVSS v2 base score
Third line: Gained Access Level | Access (Remote/Local) | Complexity | Authentication | Conf. | Integ. | Avail.
Following line(s): description with IBM's X-Force ID or Reference # where one was given
On this page the "# of Exploits" column is blank for every entry, and the CWE ID is blank for CVE-2016-0376.
1 CVE-2017-1278 79 Exec Code XSS 2017-06-12 2017-06-16
3.5
None Remote Medium Single system None Partial None
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756.
2 CVE-2017-1274 119 Exec Code Overflow 2017-04-25 2017-05-31
6.5
None Remote Low Single system Partial Partial Partial
IBM Domino 8.5.3 and 9.0 are vulnerable to a stack-based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.
3 CVE-2017-1161 20 Exec Code 2017-04-17 2017-04-25
7.5
None Remote Low Not required Partial Partial Partial
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the www-data user. IBM X-Force ID: 122956.
4 CVE-2017-1122 77 Exec Code 2017-04-20 2017-04-27
6.9
None Local Medium Not required Complete Complete Complete
IBM Security Guardium 8.2, 9.0, and 10.0 contain a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174.
5 CVE-2017-1092 285 Exec Code 2017-05-22 2017-06-01
10.0
None Remote Low Not required Complete Complete Complete
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
6 CVE-2016-9984 264 Exec Code 2017-06-13 2017-06-16
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276.
7 CVE-2016-9976 284 Exec Code 2017-05-03 2017-05-12
6.8
None Remote Medium Not required Partial Partial Partial
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.
8 CVE-2016-9727 20 Exec Code 2017-03-07 2017-03-09
8.5
None Remote Medium Single system Complete Complete Complete
IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542.
9 CVE-2016-9726 20 Exec Code 2017-03-07 2017-03-09
9.0
None Remote Low Single system Complete Complete Complete
IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542.
10 CVE-2016-9696 79 Exec Code XSS 2017-03-20 2017-03-23
3.5
None Remote Medium Single system None Partial None
IBM Rhapsody DM 4.0, 5.0, and 6.0 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 1999960.
11 CVE-2016-8998 119 Exec Code Overflow 2017-02-24 2017-03-01
6.0
None Remote Medium Single system Partial Partial Partial
IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747.
12 CVE-2016-8938 284 Exec Code 2017-02-01 2017-02-13
10.0
None Remote Low Not required Complete Complete Complete
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.
13 CVE-2016-8932 284 Exec Code 2017-02-01 2017-02-07
6.5
None Remote Low Single system Partial Partial Partial
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
14 CVE-2016-8931 284 Exec Code 2017-02-01 2017-02-07
6.5
None Remote Low Single system Partial Partial Partial
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
15 CVE-2016-8921 434 Exec Code 2017-02-01 2017-02-13
6.5
None Remote Low Single system Partial Partial Partial
IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
16 CVE-2016-6124 434 Exec Code 2017-02-01 2017-02-07
6.5
None Remote Low Single system Partial Partial Partial
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
17 CVE-2016-6115 119 Exec Code Overflow 2017-02-01 2017-02-15
9.0
None Remote Low Single system Complete Complete Complete
IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.
18 CVE-2016-6104 434 Exec Code 2017-02-07 2017-02-13
6.5
None Remote Low Single system Partial Partial Partial
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.
19 CVE-2016-6082 416 Exec Code 2017-02-01 2017-02-08
10.0
None Remote Low Not required Complete Complete Complete
IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system.
20 CVE-2016-6077 284 Exec Code 2017-02-15 2017-02-17
6.8
None Remote Medium Not required Partial Partial Partial
IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584.
21 CVE-2016-6065 78 Exec Code 2017-02-01 2017-02-07
7.2
None Local Low Not required Complete Complete Complete
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.
22 CVE-2016-6042 119 Exec Code Overflow 2017-02-01 2017-02-09
9.3
None Remote Medium Not required Complete Complete Complete
IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system in the same context as the victim.
23 CVE-2016-6037 79 Exec Code XSS 2017-05-10 2017-05-15
3.5
None Remote Medium Single system None Partial None
IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918.
24 CVE-2016-5985 119 Exec Code Overflow 2017-02-01 2017-02-13
7.2
None Local Low Not required Complete Complete Complete
The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash.
25 CVE-2016-5983 284 Exec Code 2016-10-05 2016-11-28
6.5
None Remote Low Single system Partial Partial Partial
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.
26 CVE-2016-5963 284 Exec Code 2016-09-26 2016-11-28
6.5
None Remote Low Single system Partial Partial Partial
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
27 CVE-2016-5934 264 Exec Code 2017-02-08 2017-02-15
6.9
None Local Medium Not required Complete Complete Complete
IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim.
28 CVE-2016-5897 79 Exec Code XSS 2017-02-01 2017-02-07
3.5
None Remote Medium Single system None Partial None
IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
29 CVE-2016-5879 20 Exec Code 2016-09-02 2016-11-28
4.6
None Local Low Not required Partial Partial Partial
MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command.
30 CVE-2016-3028 78 Exec Code 2016-11-24 2016-11-28
9.0
None Remote Low Single system Complete Complete Complete
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
31 CVE-2016-2950 89 Exec Code Sql 2016-11-30 2016-12-02
4.0
None Remote Low Single system Partial None None
SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
32 CVE-2016-2941 200 Exec Code +Info 2017-02-01 2017-02-10
2.1
None Local Low Not required Partial None None
IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user.
33 CVE-2016-2914 434 Exec Code 2016-08-07 2016-11-28
5.5
None Remote Low Single system None Partial Partial
Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension.
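The upload entries above (CVE-2016-8932, CVE-2016-8931, CVE-2016-8921, CVE-2016-6124, CVE-2016-6104 and CVE-2016-2914) all describe the same pattern: the server trusts the client-supplied filename, and two of them say outright that the extension check was the weak point. The Python below is an added illustration of that class of bug, not code from any IBM product or advisory. It contrasts the substring-style extension check that typically produces such findings with an allowlist check that also strips directory components, rejects control characters and double extensions, and verifies the body's magic bytes. The upload endpoint, the ALLOWED_EXTENSIONS policy and the sample uploads are assumptions constructed for the example.

```python
import re
from pathlib import PurePosixPath

# Assumed policy of a hypothetical upload endpoint: only these extensions,
# and the bytes must look like the type the extension claims.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "pdf"}
MAGIC = {"png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff", "pdf": b"%PDF-"}
SAFE_STEM = re.compile(r"[A-Za-z0-9_-]{1,64}")


def weak_is_allowed(filename: str) -> bool:
    """The broken pattern behind many CWE-434 findings: accept the upload if an
    allowed extension appears anywhere in the name. 'shell.jpg.jsp' passes."""
    return any("." + ext in filename.lower() for ext in ALLOWED_EXTENSIONS)


def hardened_validate(filename: str, content: bytes) -> str:
    """Return a safe server-side filename or raise ValueError.

    Checks, in order: no control characters (a NUL can truncate the name in a
    lower layer), leaf name only (no client-chosen directory), exactly one
    extension, extension on the allowlist, conservative stem characters, and
    content whose magic bytes match the declared type.
    """
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in filename):
        raise ValueError("control character in filename")
    leaf = PurePosixPath(filename.replace("\\", "/")).name
    if leaf in ("", ".", ".."):
        raise ValueError("empty or traversal name")
    stem, dot, ext = leaf.rpartition(".")
    if not dot or not stem:
        raise ValueError("missing extension")
    if "." in stem:
        raise ValueError("multiple extensions")
    ext = ext.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not allowed: " + ext)
    if not SAFE_STEM.fullmatch(stem):
        raise ValueError("unsafe characters in filename")
    if not content.startswith(MAGIC[ext]):
        raise ValueError("content does not match declared type")
    return stem + "." + ext


def classify(filename: str, content: bytes) -> str:
    """Helper for comparing outcomes: 'accepted:<name>' or 'rejected:<reason>'."""
    try:
        return "accepted:" + hardened_validate(filename, content)
    except ValueError as exc:
        return "rejected:" + str(exc)


# Constructed sample uploads: (client-supplied filename, first bytes of the body).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
SAMPLES = [
    ("logo.png", PNG),                      # benign
    ("../../webapps/ROOT/x.png", PNG),      # traversal in the name
    ("shell.jpg.jsp", b"<%@ page %>"),      # double extension
    ("shell.jsp\x00.png", PNG),             # NUL truncation
    ("report.PNG", b"<?php echo 1; ?>"),    # allowed extension, wrong content
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(f"{name!r:32} weak={weak_is_allowed(name)!s:5} hardened={classify(name, body)}")
```

The weak check accepts every one of the five samples; the hardened check accepts only the benign file and the traversal attempt with its directory stripped to `x.png`. Note that the traversal name is neutralized rather than rejected, because the stored name is chosen server-side from the leaf only; reject it instead if the application has no reason to ever see a path separator.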
34 CVE-2016-2876 78 Exec Code 2016-11-30 2016-12-22
8.5
None Remote Medium Single system Complete Complete Complete
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue.
35 CVE-2016-2875 77 Exec Code 2016-08-07 2016-11-28
9.0
None Remote Low Single system Complete Complete Complete
IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors.
36 CVE-2016-2873 89 Exec Code Sql 2016-11-30 2016-12-22
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
37 CVE-2016-0396 77 Exec Code 2017-02-01 2017-02-07
6.8
None Remote Medium Not required Partial Partial Partial
IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected.
38 CVE-2016-0376 Exec Code Bypass 2016-06-03 2016-11-29
5.1
None Remote High Not required Partial Partial Partial
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
39 CVE-2016-0360 502 Exec Code 2017-02-15 2017-02-22
7.5
None Remote Low Not required Partial Partial Partial
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457.
40 CVE-2016-0328 77 Exec Code 2016-10-21 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors.
41 CVE-2016-0326 77 Exec Code 2016-10-21 2016-11-28
6.5
None Remote Low Single system Partial Partial Partial
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."
42 CVE-2016-0325 78 Exec Code 2016-11-24 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to execute arbitrary OS commands via a crafted request.
43 CVE-2016-0304 284 Exec Code Bypass 2016-06-28 2016-06-29
6.8
None Remote Medium Not required Partial Partial Partial
The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920.
44 CVE-2016-0301 119 Exec Code Overflow 2016-06-26 2016-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279.
45 CVE-2016-0279 284 Exec Code Overflow 2016-06-26 2016-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301.
46 CVE-2016-0278 284 Exec Code Overflow 2016-06-26 2016-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301.
47 CVE-2016-0277 284 Exec Code Overflow 2016-06-26 2016-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301.
48 CVE-2016-0264 119 Exec Code Overflow 2016-05-24 2016-11-29
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
49 CVE-2016-0249 89 Exec Code Sql 2016-10-16 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
50 CVE-2016-0236 77 Exec Code 2016-10-21 2016-11-28
9.0
None Remote Low Single system Complete Complete Complete
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field.
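Working with a listing like this one is easier once it is parsed rather than read. The Python below is an added example, not code from cvedetails.com: it parses the flattened four-part record layout used above into objects, rebuilds the CVSS v2 base vector from the seven metric columns, recomputes the CVSS v2 base score with the published v2 equations and weights so a listed score can be cross-checked against its metrics, and pulls out the remote, unauthenticated, high-score entries for triage. The two sample records are copied from the listing (descriptions abridged). The "User" and "Admin" gained-access values and the "Adjacent Network" access value accepted by the metrics pattern are assumptions about the site's vocabulary; this page shows only None, Remote and Local.

```python
import re
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_UP
from typing import List, Optional

# Two entries copied from the listing above (descriptions abridged), in the
# page's flattened layout: row line, score line, metrics line, description.
SAMPLE = """\
3 CVE-2017-1161 20 Exec Code 2017-04-17 2017-04-25
7.5
None Remote Low Not required Partial Partial Partial
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system. IBM X-Force ID: 122956.
38 CVE-2016-0376 Exec Code Bypass 2016-06-03 2016-11-29
5.1
None Remote High Not required Partial Partial Partial
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition does not properly deserialize classes in an AccessController doPrivileged block.
"""

# Row line; the CWE ID and "# of Exploits" fields may both be blank.
ROW_RE = re.compile(
    r"^(?P<num>\d+) (?P<cve>CVE-\d{4}-\d{4,7}) (?:(?P<cwe>\d+) )?(?:(?P<exploits>\d+) )?"
    r"(?P<types>.+?) (?P<published>\d{4}-\d{2}-\d{2}) (?P<updated>\d{4}-\d{2}-\d{2})$"
)
# Metrics line. "User", "Admin" and "Adjacent Network" are assumed site values.
METRICS_RE = re.compile(
    r"^(?P<gained>None|User|Admin) (?P<av>Remote|Local|Adjacent Network) "
    r"(?P<ac>Low|Medium|High) (?P<au>Not required|Single system|Multiple systems) "
    r"(?P<conf>None|Partial|Complete) (?P<integ>None|Partial|Complete) "
    r"(?P<avail>None|Partial|Complete)$"
)
# CVSS v2 vector letter and base-equation weight for each column value.
AV = {"Remote": ("N", 1.0), "Local": ("L", 0.395), "Adjacent Network": ("A", 0.646)}
AC = {"Low": ("L", 0.71), "Medium": ("M", 0.61), "High": ("H", 0.35)}
AU = {"Not required": ("N", 0.704), "Single system": ("S", 0.56), "Multiple systems": ("M", 0.45)}
IMPACT = {"None": ("N", 0.0), "Partial": ("P", 0.275), "Complete": ("C", 0.660)}


@dataclass
class Entry:
    num: int
    cve: str
    cwe: Optional[str]
    types: str
    published: str
    updated: str
    listed_score: float
    gained: str
    av: str
    ac: str
    au: str
    conf: str
    integ: str
    avail: str
    description: str

    def vector(self) -> str:
        """CVSS v2 base vector reconstructed from the seven metric columns."""
        return "AV:{}/AC:{}/Au:{}/C:{}/I:{}/A:{}".format(
            AV[self.av][0], AC[self.ac][0], AU[self.au][0],
            IMPACT[self.conf][0], IMPACT[self.integ][0], IMPACT[self.avail][0])

    def computed_score(self) -> float:
        """CVSS v2 base equation, rounded half up to one decimal as the spec requires."""
        impact = 10.41 * (1 - (1 - IMPACT[self.conf][1]) * (1 - IMPACT[self.integ][1])
                          * (1 - IMPACT[self.avail][1]))
        exploitability = 20 * AV[self.av][1] * AC[self.ac][1] * AU[self.au][1]
        raw = (0.6 * impact + 0.4 * exploitability - 1.5) * (0.0 if impact == 0 else 1.176)
        return float(Decimal(repr(raw)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def parse(text: str) -> List[Entry]:
    """Turn the flattened listing into Entry objects; raises on a malformed record."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    entries, pos = [], 0
    while pos < len(lines):
        if not lines[pos]:
            pos += 1
            continue
        row = ROW_RE.match(lines[pos])
        metrics = METRICS_RE.match(lines[pos + 2]) if row and pos + 2 < len(lines) else None
        if not row or not metrics:
            raise ValueError(f"malformed record starting at line {pos + 1}: {lines[pos]!r}")
        end = pos + 3  # the description runs until the next row line
        while end < len(lines) and not ROW_RE.match(lines[end]):
            end += 1
        entries.append(Entry(
            num=int(row["num"]), cve=row["cve"], cwe=row["cwe"], types=row["types"],
            published=row["published"], updated=row["updated"],
            listed_score=float(lines[pos + 1]), **metrics.groupdict(),
            description=" ".join(ln for ln in lines[pos + 3:end] if ln)))
        pos = end
    return entries


def score_mismatches(entries: List[Entry]) -> List[str]:
    """CVEs whose listed score disagrees with the score recomputed from the metrics."""
    return [e.cve for e in entries if e.computed_score() != e.listed_score]


def unauthenticated_remote(entries: List[Entry], min_score: float = 7.0) -> List[str]:
    """Triage view: remote, no authentication needed, listed score >= min_score."""
    return [e.cve for e in entries
            if e.av == "Remote" and e.au == "Not required" and e.listed_score >= min_score]
```

Running `parse` over the full page text (the entries as they appear above, without the column header) and then `score_mismatches` is the quickest way to spot a row whose score and metrics disagree; on the two samples both scores recompute exactly (7.5 and 5.1), and `unauthenticated_remote` returns only CVE-2017-1161. The rounding goes through `Decimal` with ROUND_HALF_UP because Python's built-in `round` rounds half to even, which can differ from the CVSS v2 rule at the boundary.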
Total number of vulnerabilities: 473, of which this page lists entries 1 to 50 (page 1 of 10).