| CVE-2013-6334 | medium | — | 6.4 | | | ibm | 13y ago | IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0… |
| CVE-2013-6735 | medium | — | 5.0 | | | ibm | 13y ago | IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allow… |
| CVE-2013-6723 | medium | — | 5.0 | | | ibm | 13y ago | IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive comp… |
| CVE-2013-6328 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.… |
| CVE-2013-6316 | medium | — | 4.3 | | | ibm | 13y ago | IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers … |
| CVE-2013-5421 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web s… |
| CVE-2013-4012 | medium | — | 4.9 | | | ibm | 13y ago | IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which a… |
| CVE-2013-5413 | medium | — | 4.3 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended work… |
| CVE-2013-5411 | medium | — | 4.3 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors. |
| CVE-2013-5409 | medium | — | 6.5 | | | ibm | 13y ago | Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-5407 | medium | — | 4.9 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain … |
| CVE-2013-4070 | medium | — | 5.0 | | | ibm | 13y ago | The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to discover an internal password via unspecified vectors. |
| CVE-2013-4069 | medium | — | 5.0 | | | ibm | 13y ago | The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity declara… |
| CVE-2013-4063 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an … |
| CVE-2013-4046 | medium | — | 5.8 | | | ibm | 13y ago | Open redirect vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to redirect users to arbitrary web sites and conduct … |
| CVE-2013-4045 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to inject arbi… |
| CVE-2013-4044 | medium | — | 4.0 | | | ibm | 13y ago | IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote authenticated users to read application log files via a direct HTTP request. |
| CVE-2013-6717 | medium | — | 4.0 | | | ibm | 13y ago | The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remo… |
| CVE-2013-5462 | medium | — | 4.3 | | | ibm | 13y ago | IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct click… |
| CVE-2013-5426 | medium | — | 4.9 | | | ibm | 13y ago | Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Infor… |
| CVE-2013-5422 | medium | — | 4.3 | | | ibm | 13y ago | The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database name… |
| CVE-2013-5466 | medium | — | 4.0 | | | ibm | 13y ago | The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspe… |
| CVE-2013-6733 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML vi… |
| CVE-2013-6327 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web … |
| CVE-2013-5438 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-4001 | medium | — | 4.3 | | | ibm | 13y ago | Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. |
| CVE-2013-4000 | medium | — | 6.8 | | | ibm | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start o… |
| CVE-2013-5447 | medium | — | 7.8 | EXP | | ibm | 13y ago | Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value. |
| CVE-2013-5455 | medium | — | 4.9 | | | ibm | 13y ago | IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a… |
| CVE-2013-5449 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5… |
| CVE-2013-5463 | medium | — | 4.3 | | | ibm | 13y ago | The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file. |
| CVE-2013-5375 | medium | — | 6.8 | | | ibm | 13y ago | Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors… |
| CVE-2013-4041 | medium | — | 6.8 | | | ibm | 13y ago | Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors. |
| CVE-2013-6312 | medium | — | 5.0 | | | ibm | 13y ago | Unspecified vulnerability in IBM Rational Service Tester 8.3.x and 8.5.x before 8.5.1 and Rational Performance Tester 8.3.x and 8.5.x before 8.5.1 allows remote attackers to read arbitrary files via … |
| CVE-2013-5417 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web scri… |
| CVE-2013-4006 | medium | — | 4.3 | | | ibm | 13y ago | IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem… |
| CVE-2013-5454 | medium | — | 4.3 | | | ibm | 13y ago | IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary file… |
| CVE-2013-4034 | medium | — | 5.0 | EXP | | ibm | 13y ago | IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitr… |
| CVE-2013-3030 | medium | — | 5.0 | | | ibm | 13y ago | The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers t… |
| CVE-2013-5450 | medium | — | 4.0 | | | ibm | 13y ago | IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly… |
| CVE-2013-3986 | medium | — | 5.3 | EXP | | ibm | 13y ago | IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension crash) via a crafted Audio Visual (AV) session. |
| CVE-2013-4050 | medium | — | 6.0 | | | ibm | 13y ago | Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified vic… |
| CVE-2013-5387 | medium | — | 4.3 | | | ibm | 13y ago | Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request d… |
| CVE-2013-5431 | medium | — | 5.8 | | | ibm | 13y ago | Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway… |
| CVE-2013-5430 | medium | — | 5.5 | | | ibm | 13y ago | The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access… |
| CVE-2013-5424 | medium | — | 6.8 | | | ibm | 13y ago | IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-lev… |
| CVE-2013-5389 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SP… |
| CVE-2013-5388 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SP… |
| CVE-2013-5372 | medium | — | 4.3 | | | ibm | 13y ago | The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial o… |
| CVE-2013-5376 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors,… |
| CVE-2013-3025 | medium | — | 4.3 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-0500 | medium | — | 5.4 | | | ibm | 13y ago | IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authen… |
| CVE-2013-5394 | medium | — | 4.9 | | | ibm | 13y ago | The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors. |
| CVE-2013-4056 | medium | — | 6.8 | | | ibm | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows rem… |
| CVE-2013-0580 | medium | — | 4.9 | | | ibm | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the… |
| CVE-2013-0579 | medium | — | 4.3 | | | ibm | 13y ago | The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote attackers to impersonate arbitrary users by leveraging access to a legitimate user's… |
| CVE-2013-0577 | medium | — | 5.2 | | | ibm | 13y ago | The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to bypass intended access restrictions and create, modify, or de… |
| CVE-2013-4067 | medium | — | 5.8 | | | ibm | 13y ago | IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via un… |
| CVE-2013-4066 | medium | — | 4.3 | | | ibm | 13y ago | IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface. |
| CVE-2013-4032 | medium | — | 5.0 | | | ibm | 13y ago | The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote atta… |
| CVE-2013-5383 | medium | — | 4.0 | | | ibm | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than… |
| CVE-2013-5382 | medium | — | 4.0 | | | ibm | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than… |
| CVE-2013-5381 | medium | — | 6.5 | | | ibm | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. |
| CVE-2013-4027 | medium | — | 6.5 | | | ibm | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. |
| CVE-2013-4021 | medium | — | 6.5 | | | ibm | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors. |
| CVE-2013-4020 | medium | — | 4.0 | | | ibm | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. |
| CVE-2013-4018 | medium | — | 6.0 | | | ibm | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| CVE-2013-4017 | medium | — | 6.5 | | | ibm | 13y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-4014 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML v… |
| CVE-2013-4013 | medium | — | 5.0 | | | ibm | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2013-3973 | medium | — | 6.5 | | | ibm | 13y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-3972 | medium | — | 4.0 | | | ibm | 13y ago | IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| CVE-2013-3971 | medium | — | 4.0 | | | ibm | 13y ago | IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability tha… |
| CVE-2013-3049 | medium | — | 4.0 | | | ibm | 13y ago | IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability tha… |
| CVE-2013-3047 | medium | — | 6.5 | | | ibm | 13y ago | IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors. |
| CVE-2013-0451 | medium | — | 6.5 | | | ibm | 13y ago | SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-3323 | medium | — | 6.8 | | | ibm | 13y ago | IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors. |
| CVE-2013-3041 | medium | — | 4.3 | | | ibm | 13y ago | The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream … |
| CVE-2013-0598 | medium | — | 6.8 | | | ibm | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the au… |
| CVE-2013-5373 | medium | — | 6.9 | | | ibm | 13y ago | The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by ap… |
| CVE-2013-4024 | medium | — | 4.3 | | | ibm | 13y ago | IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web… |
| CVE-2013-4053 | medium | — | 6.8 | | | ibm | 13y ago | The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.… |
| CVE-2013-4052 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.… |
| CVE-2013-0596 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via… |
| CVE-2013-4047 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote attackers to inject arbitrary web script or HT… |
| CVE-2013-3039 | medium | — | 5.4 | | | ibm | 13y ago | IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. |
| CVE-2013-3038 | medium | — | 5.4 | | | ibm | 13y ago | Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors. |
| CVE-2013-3037 | medium | — | 4.4 | | | ibm | 13y ago | Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors. |
| CVE-2013-3036 | medium | — | 4.9 | | | ibm | 13y ago | Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted UR… |
| CVE-2013-2992 | medium | — | 4.3 | | | ibm | 13y ago | The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote attackers to cause a denial of service via a crafted query. |
| CVE-2013-4062 | medium | — | 6.8 | | | ibm | 13y ago | IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information, a… |
| CVE-2013-4061 | medium | — | 4.0 | | | ibm | 13y ago | IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks… |
| CVE-2013-0531 | medium | — | 5.0 | | | ibm | 13y ago | The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive informat… |
| CVE-2013-4039 | medium | — | 4.0 | | | ibm | 13y ago | IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via … |
| CVE-2013-4033 | medium | — | 4.6 | | | ibm | 13y ago | IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority. |
| CVE-2013-0595 | medium | — | 4.3 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka… |
| CVE-2013-0566 | medium | — | 4.3 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM W… |
| CVE-2013-2979 | medium | — | 4.0 | | | ibm | 13y ago | Directory traversal vulnerability in IBM Optim Performance Manager 4.1.1 and IBM InfoSphere Optim Performance Manager 5.x before 5.2 allows remote authenticated users to read arbitrary files via a cr… |
| CVE-2013-3029 | medium | — | 6.8 | | | ibm | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.… |
| CVE-2013-2967 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 a… |