Search Results (702 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8999 1 Ibm 3 Infosphere Datastage, Infosphere Information Server, Infosphere Information Server On Cloud 2025-04-20 N/A
IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS.
CVE-2016-5994 1 Ibm 1 Infosphere Information Server 2025-04-20 N/A
IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents.
CVE-2022-43859 1 Ibm 1 I 2025-04-15 6.3 Medium
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304.
CVE-2022-43860 1 Ibm 1 I 2025-04-15 4.3 Medium
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305.
CVE-2022-43857 1 Ibm 1 I 2025-04-15 4.3 Medium
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301.
CVE-2022-43858 1 Ibm 1 I 2025-04-15 4.3 Medium
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface. IBM X-Force ID: 239303.
CVE-2014-8899 1 Ibm 2 Infosphere Master Data Management Collaborative Server, Infosphere Master Data Management Server For Product Information Management 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8897 and CVE-2014-8898.
CVE-2015-1945 1 Ibm 1 Infosphere Master Data Management Server 2025-04-12 N/A
Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors.
CVE-2015-7422 2 Ibm, Microsoft 2 I Access, Windows 2025-04-12 N/A
Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors.
CVE-2015-1910 1 Ibm 1 Infosphere Master Data Management Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, and 11.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-2961 1 Ibm 2 Integration Bus, Websphere Message Broker 2025-04-12 N/A
The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.
CVE-2015-7490 1 Ibm 1 Infosphere Information Server 2025-04-12 N/A
IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie.
CVE-2015-7416 2 Ibm, Microsoft 2 I Access, Windows 2025-04-12 N/A
AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file.
CVE-2015-5021 1 Ibm 1 Infosphere Information Server 2025-04-12 N/A
IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors.
CVE-2016-2867 1 Ibm 2 Infosphere Streams, Streams 2025-04-12 N/A
IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors.
CVE-2015-5020 1 Ibm 1 Infosphere Biginsights 2025-04-12 N/A
The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecified vectors.
CVE-2015-1909 1 Ibm 1 Infosphere Master Data Management Server 2025-04-12 N/A
The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2016-0226 2 Ibm, Microsoft 2 Informix Dynamic Server, Windows 2025-04-12 N/A
The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.
CVE-2015-5011 1 Ibm 2 Integration Bus, Websphere Message Broker 2025-04-12 N/A
IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command.
CVE-2015-1901 1 Ibm 1 Infosphere Information Server 2025-04-12 N/A
The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands.