Filtered by vendor Ibm
Subscriptions
Total
7956 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-1386 | 1 Ibm | 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway | 2025-04-11 | N/A |
| IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature. | ||||
| CVE-2011-1390 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | N/A |
| SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature. | ||||
| CVE-2011-1393 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | N/A |
| Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Notes RPC packet. | ||||
| CVE-2011-1395 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter. | ||||
| CVE-2011-1397 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2011-1512 | 2 Autonomy, Ibm | 2 Keyview, Lotus Notes | 2025-04-11 | N/A |
| Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR. | ||||
| CVE-2011-1520 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | N/A |
| The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command. | ||||
| CVE-2011-1558 | 1 Ibm | 1 Webi | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242. | ||||
| CVE-2011-1559 | 1 Ibm | 1 Webi | 2025-04-11 | N/A |
| Unspecified vulnerability in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 has unknown impact and attack vectors. | ||||
| CVE-2011-1560 | 1 Ibm | 1 Soliddb | 2025-04-11 | N/A |
| solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value. | ||||
| CVE-2011-1561 | 1 Ibm | 1 Aix | 2025-04-11 | N/A |
| The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password. | ||||
| CVE-2012-2179 | 1 Ibm | 1 Aix | 2025-04-11 | N/A |
| libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2011-1683 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2025-04-11 | N/A |
| IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors. | ||||
| CVE-2011-1821 | 2 Ibm, Microsoft | 2 Tivoli Directory Server, Windows | 2025-04-11 | N/A |
| IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 on Windows allows remote authenticated users to cause a denial of service (daemon hang) via a cn=changelog search. | ||||
| CVE-2011-1822 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | N/A |
| The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log. | ||||
| CVE-2011-2141 | 1 Ibm | 1 Datacap Taskmaster Capture | 2025-04-11 | N/A |
| SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2011-2142 | 1 Ibm | 1 Datacap Taskmaster Capture | 2025-04-11 | N/A |
| The Web Client Service in IBM Datacap Taskmaster Capture 8.0.1 before FP1 requires a cleartext password, which has unspecified impact and attack vectors. | ||||
| CVE-2011-2143 | 1 Ibm | 1 Datacap Taskmaster Capture | 2025-04-11 | N/A |
| IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account name from a different domain. | ||||
| CVE-2011-2163 | 1 Ibm | 2 Systems Director, Virtualization Manager | 2025-04-11 | N/A |
| Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors. | ||||
| CVE-2011-2330 | 1 Ibm | 1 Tivoli Management Framework | 2025-04-11 | N/A |
| Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send requests to restricted pages via a session on TCP port 9495, a different vulnerability than CVE-2011-1220. | ||||