Latest CVE Feed
-
5.4
MEDIUMCVE-2015-5035
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability th... Read more
Affected Products : connections- EPSS Score: %0.17
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2015-5023
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more
Affected Products : curam_social_program_management- EPSS Score: %0.13
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2015-5017
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset M... Read more
Affected Products : maximo_asset_management maximo_for_life_sciences maximo_for_nuclear_power maximo_for_oil_and_gas maximo_for_transportation maximo_for_utilities smartcloud_control_desk change_and_configuration_management_database maximo_asset_management_essentials maximo_for_government +3 more products- EPSS Score: %0.10
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
8.5
HIGHCVE-2015-5003
The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input.... Read more
Affected Products : tivoli_monitoring- EPSS Score: %1.32
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2015-4962
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before ... Read more
- EPSS Score: %0.07
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
3.3
LOWCVE-2015-4946
Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x bef... Read more
- EPSS Score: %0.05
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2016-1283
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, w... Read more
- EPSS Score: %2.47
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-2007
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL.... Read more
Affected Products : qradar_security_information_and_event_manager- EPSS Score: %0.17
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
5.6
MEDIUMCVE-2015-1985
The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file.... Read more
Affected Products : mq_appliance_m2000- EPSS Score: %0.04
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-1971
Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0... Read more
- EPSS Score: %0.25
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-8027
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP ... Read more
Affected Products : node.js- EPSS Score: %1.50
- Published: Jan. 02, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-7452
IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive informatio... Read more
- EPSS Score: %0.16
- Published: Jan. 02, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-7450
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransf... Read more
- Actively Exploited
- EPSS Score: %93.83
- Published: Jan. 02, 2016
- Modified: Apr. 12, 2025
-
4.7
MEDIUMCVE-2015-7438
IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access.... Read more
Affected Products : sterling_b2b_integrator- EPSS Score: %0.04
- Published: Jan. 02, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2015-7437
Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors.... Read more
Affected Products : sterling_b2b_integrator- EPSS Score: %0.04
- Published: Jan. 02, 2016
- Modified: Apr. 12, 2025
-
2.5
LOWCVE-2015-7436
IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves us... Read more
Affected Products : tivoli_common_reporting- EPSS Score: %0.04
- Published: Jan. 02, 2016
- Modified: Apr. 12, 2025
-
2.5
LOWCVE-2015-7435
IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local... Read more
Affected Products : tivoli_common_reporting- EPSS Score: %0.05
- Published: Jan. 02, 2016
- Modified: Apr. 12, 2025
-
6.1
MEDIUMCVE-2015-7431
Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more
Affected Products : sterling_b2b_integrator- EPSS Score: %0.22
- Published: Jan. 02, 2016
- Modified: Apr. 12, 2025
-
8.4
HIGHCVE-2015-7430
The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors.... Read more
- EPSS Score: %0.05
- Published: Jan. 02, 2016
- Modified: Apr. 12, 2025
-
10.0
CRITICALCVE-2015-7426
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spec... Read more
- EPSS Score: %2.73
- Published: Jan. 02, 2016
- Modified: Apr. 12, 2025