| CVE-2014-4748 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2014-4747 |
low |
— |
2.1 |
|
|
ibm |
12y ago |
The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML… |
| CVE-2014-3071 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for add… |
| CVE-2014-3064 |
medium |
— |
6.3 |
|
|
ibm |
12y ago |
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 an… |
| CVE-2014-3045 |
low |
— |
2.1 |
|
|
ibm |
12y ago |
IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to o… |
| CVE-2014-3043 |
medium |
— |
6.5 |
|
|
ibm |
12y ago |
IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account. |
| CVE-2014-0970 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 an… |
| CVE-2014-0968 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Serv… |
| CVE-2014-0967 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Serv… |
| CVE-2014-0957 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a cr… |
| CVE-2014-0894 |
low |
— |
4.5 |
EXP |
|
ibm |
12y ago |
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and Db… |
| CVE-2014-0875 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL … |
| CVE-2014-0871 |
medium |
— |
5.3 |
EXP |
|
ibm |
12y ago |
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-p… |
| CVE-2014-0870 |
medium |
— |
5.3 |
EXP |
|
ibm |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to inject arbitrar… |
| CVE-2014-0869 |
medium |
— |
5.3 |
EXP |
|
ibm |
12y ago |
The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to ob… |
| CVE-2014-0868 |
medium |
— |
5.9 |
EXP |
|
ibm |
12y ago |
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intend… |
| CVE-2014-0867 |
medium |
— |
6.8 |
EXP |
|
ibm |
12y ago |
rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query s… |
| CVE-2014-0866 |
medium |
— |
5.3 |
EXP |
|
ibm |
12y ago |
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive informa… |
| CVE-2014-0865 |
medium |
— |
5.9 |
EXP |
|
ibm |
12y ago |
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intend… |
| CVE-2014-0864 |
medium |
— |
7.8 |
EXP |
|
ibm |
12y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers… |
| CVE-2013-5423 |
medium |
— |
5.0 |
|
|
ibm |
12y ago |
IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors. |
| CVE-2014-3066 |
medium |
— |
5.0 |
|
|
ibm |
12y ago |
IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, relat… |
| CVE-2014-3088 |
medium |
— |
5.5 |
|
|
ibm |
12y ago |
stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to… |
| CVE-2013-3004 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitra… |
| CVE-2014-0891 |
medium |
— |
5.0 |
|
|
ibm |
12y ago |
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request ha… |
| CVE-2013-6311 |
medium |
— |
6.5 |
|
|
ibm |
12y ago |
SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-6310 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-6309 |
medium |
— |
6.0 |
|
|
ibm |
12y ago |
IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection. |
| CVE-2013-6308 |
medium |
— |
4.9 |
|
|
ibm |
12y ago |
IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection. |
| CVE-2014-3011 |
medium |
— |
5.0 |
|
|
ibm |
12y ago |
IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors. |
| CVE-2011-1381 |
medium |
— |
6.4 |
|
|
ibm |
12y ago |
Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors. |
| CVE-2013-6737 |
medium |
— |
4.0 |
|
|
ibm |
12y ago |
IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticat… |
| CVE-2014-3013 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted… |
| CVE-2014-3012 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response spli… |
| CVE-2014-0910 |
low |
— |
4.5 |
EXP |
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject… |
| CVE-2014-0960 |
medium |
— |
6.6 |
|
|
ibm |
12y ago |
IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed … |
| CVE-2014-3042 |
medium |
— |
4.0 |
|
|
ibm |
12y ago |
IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT transactions, which allows remote authenticated users to cause a denial of service (storage overlay) b… |
| CVE-2014-3977 |
medium |
— |
7.9 |
EXP |
|
ibm |
12y ago |
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix… |
| CVE-2014-3038 |
low |
— |
3.6 |
|
|
ibm |
12y ago |
IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop group privileges, which allows local users to bypass intended file-access restrictions by leveraging (1) gid 0 or (2) root's group… |
| CVE-2014-3036 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive i… |
| CVE-2014-0936 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows re… |
| CVE-2014-0929 |
medium |
— |
6.0 |
|
|
ibm |
12y ago |
Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for … |
| CVE-2014-0961 |
medium |
— |
6.0 |
|
|
ibm |
12y ago |
Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows re… |
| CVE-2014-0935 |
medium |
— |
4.6 |
|
|
ibm |
12y ago |
Unspecified vulnerability in IBM Smart Analytics System 7700 before FP 2.1.3.0 and 7710 before FP 2.1.3.0 allows local users to gain privileges via vectors related to events. |
| CVE-2014-0925 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and c… |
| CVE-2014-3010 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 … |
| CVE-2014-0878 |
medium |
— |
5.8 |
|
|
ibm |
12y ago |
The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before… |
| CVE-2013-6714 |
medium |
— |
4.1 |
|
|
ibm |
12y ago |
The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local user… |
| CVE-2013-6713 |
medium |
— |
4.1 |
|
|
ibm |
12y ago |
The Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations, wh… |
| CVE-2014-0893 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allo… |
| CVE-2014-0849 |
medium |
— |
6.0 |
|
|
ibm |
12y ago |
IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging memb… |
| CVE-2014-0825 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7… |
| CVE-2014-0824 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Ser… |
| CVE-2013-6741 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Managem… |
| CVE-2013-5465 |
medium |
— |
6.5 |
|
|
ibm |
12y ago |
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; S… |
| CVE-2013-5464 |
medium |
— |
6.0 |
|
|
ibm |
12y ago |
IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote aut… |
| CVE-2013-5460 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and r… |
| CVE-2013-4016 |
medium |
— |
6.5 |
|
|
ibm |
12y ago |
SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027… |
| CVE-2014-3867 |
medium |
— |
5.0 |
|
|
ibm |
12y ago |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote at… |
| CVE-2013-2998 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive i… |
| CVE-2012-3333 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HT… |
| CVE-2014-3014 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via… |
| CVE-2014-0906 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leve… |
| CVE-2013-3984 |
low |
— |
2.9 |
|
|
ibm |
12y ago |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers t… |
| CVE-2013-3982 |
medium |
— |
6.0 |
EXP |
|
ibm |
12y ago |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page. |
| CVE-2013-3981 |
medium |
— |
5.0 |
|
|
ibm |
12y ago |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. |
| CVE-2013-3980 |
medium |
— |
5.0 |
|
|
ibm |
12y ago |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users… |
| CVE-2013-3977 |
medium |
— |
5.3 |
EXP |
|
ibm |
12y ago |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. |
| CVE-2013-3975 |
medium |
— |
6.0 |
EXP |
|
ibm |
12y ago |
Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a sear… |
| CVE-2013-3046 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack… |
| CVE-2014-3015 |
medium |
— |
6.8 |
|
|
ibm |
12y ago |
Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary use… |
| CVE-2014-0959 |
medium |
— |
4.0 |
|
|
ibm |
12y ago |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infi… |
| CVE-2014-0958 |
medium |
— |
5.8 |
|
|
ibm |
12y ago |
Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect u… |
| CVE-2014-0956 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows … |
| CVE-2014-0955 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbi… |
| CVE-2014-0954 |
medium |
— |
6.8 |
|
|
ibm |
12y ago |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obt… |
| CVE-2014-0952 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allow… |
| CVE-2014-0951 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML v… |
| CVE-2014-0949 |
medium |
— |
5.0 |
|
|
ibm |
12y ago |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consu… |
| CVE-2014-0933 |
medium |
— |
6.8 |
|
|
ibm |
12y ago |
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users. |
| CVE-2014-0917 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0… |
| CVE-2014-0946 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, whi… |
| CVE-2014-0945 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote… |
| CVE-2014-0944 |
medium |
— |
6.0 |
|
|
ibm |
12y ago |
Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows… |
| CVE-2014-0913 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka S… |
| CVE-2014-0930 |
medium |
— |
4.7 |
|
|
ibm |
12y ago |
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT… |
| CVE-2014-0911 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors. |
| CVE-2013-6726 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web scrip… |
| CVE-2014-0942 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script … |
| CVE-2014-0941 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script … |
| CVE-2014-0896 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request. |
| CVE-2014-0859 |
medium |
— |
5.0 |
|
|
ibm |
12y ago |
The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a de… |
| CVE-2014-0857 |
medium |
— |
4.0 |
|
|
ibm |
12y ago |
The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted reques… |
| CVE-2014-0823 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL. |
| CVE-2013-6323 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtu… |
| CVE-2013-6738 |
medium |
— |
4.3 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an inv… |
| CVE-2014-0892 |
medium |
— |
5.0 |
|
linux-kernel |
ibm |
12y ago |
IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by l… |
| CVE-2014-0932 |
low |
— |
3.5 |
|
|
ibm |
12y ago |
Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject … |
| CVE-2013-5459 |
medium |
— |
5.5 |
|
|
ibm |
12y ago |
Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modi… |
| CVE-2014-2401 |
medium |
— |
5.0 |
|
|
oracleibm |
12y ago |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
