Skip to main content
CVE-2015-4930 CRITICAL PATCH Act Now

IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

IBM Command Injection Qradar Security Information And Event Manager
NVD
CVSS 2.0
9.0
EPSS
2.4%
CVE-2015-2011 CRITICAL PATCH Act Now

The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

IBM Command Injection Qradar Security Information And Event Manager
NVD
CVSS 2.0
9.0
EPSS
1.0%
CVE-2015-2016 CRITICAL PATCH Act Now

Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 2.0
9.0
EPSS
0.9%
CVE-2015-2026 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

IBM XSS CSRF Websphere Extreme Scale
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2015-2030 MEDIUM PATCH This Month

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Extreme Scale
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-1934 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Change And Configuration Management Database Maximo Asset Management Maximo Asset Management Essentials +10
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-2025 MEDIUM PATCH This Month

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Extreme Scale
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2029 MEDIUM PATCH This Month

Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Information Disclosure Websphere Extreme Scale
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-2028 MEDIUM PATCH This Month

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Code Injection Websphere Extreme Scale
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1969 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Tivoli Common Reporting
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-2031 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Websphere Extreme Scale
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-1988 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS VMware Tivoli Storage Flashcopy Manager Tivoli Storage Manager For Virtual Environments
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-1983 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Projects page in IBM UrbanCode Build 6.1.x before 6.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Urbancode Build
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-2027 LOW PATCH Monitor

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

IBM Privilege Escalation Websphere Extreme Scale
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1933 LOW PATCH Monitor

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Change And Configuration Management Database Maximo Asset Management Maximo Asset Management Essentials +10
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy