| CVE-2013-3041 | medium | — | 4.3 | | | ibm | 13y ago | The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream … |
| CVE-2013-0598 | medium | — | 6.8 | | | ibm | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the au… |
| CVE-2013-5373 | medium | — | 6.9 | | | ibm | 13y ago | The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by ap… |
| CVE-2013-4025 | low | — | 1.9 | | | ibm | 13y ago | IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplet… |
| CVE-2013-4024 | medium | — | 4.3 | | | ibm | 13y ago | IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web… |
| CVE-2013-4022 | low | — | 3.5 | | | ibm | 13y ago | IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authenticati… |
| CVE-2013-4053 | medium | — | 6.8 | | | ibm | 13y ago | The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.… |
| CVE-2013-4052 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.… |
| CVE-2013-0596 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via… |
| CVE-2013-4048 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to inject arbitrary web sc… |
| CVE-2013-4047 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote attackers to inject arbitrary web script or HT… |
| CVE-2013-3039 | medium | — | 5.4 | | | ibm | 13y ago | IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. |
| CVE-2013-3038 | medium | — | 5.4 | | | ibm | 13y ago | Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors. |
| CVE-2013-3037 | medium | — | 4.4 | | | ibm | 13y ago | Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors. |
| CVE-2013-3036 | medium | — | 4.9 | | | ibm | 13y ago | Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted UR… |
| CVE-2013-2992 | medium | — | 4.3 | | | ibm | 13y ago | The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote attackers to cause a denial of service via a crafted query. |
| CVE-2013-4062 | medium | — | 6.8 | | | ibm | 13y ago | IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information, a… |
| CVE-2013-4061 | medium | — | 4.0 | | | ibm | 13y ago | IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks… |
| CVE-2013-3031 | low | — | 3.5 | | | ibm | 13y ago | A SQL stored procedure in the Universal Cache component in IBM solidDB 6.0.x before 6.0.1070, 6.3.x before 6.3.0.56, 6.5.x before 6.5.0.12, and 7.0.x before 7.0.0.4 allows remote authenticated users … |
| CVE-2013-2997 | low | — | 1.7 | | | ibm | 13y ago | IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. |
| CVE-2013-0531 | medium | — | 5.0 | | | ibm | 13y ago | The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive informat… |
| CVE-2013-4003 | low | — | 3.5 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3.1.1, and 8, allow remote authenticated users to inject arbitrary web script or HTML via … |
| CVE-2013-4039 | medium | — | 4.0 | | | ibm | 13y ago | IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via … |
| CVE-2013-4033 | medium | — | 4.6 | | | ibm | 13y ago | IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority. |
| CVE-2013-2988 | low | — | 2.6 | | | ibm | 13y ago | Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Re… |
| CVE-2013-2978 | low | — | 2.1 | | | ibm | 13y ago | Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Re… |
| CVE-2013-0595 | medium | — | 4.3 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka… |
| CVE-2013-0591 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka… |
| CVE-2013-0590 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka… |
| CVE-2013-0586 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to inject arbitrary web script … |
| CVE-2013-0566 | medium | — | 4.3 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM W… |
| CVE-2013-2979 | medium | — | 4.0 | | | ibm | 13y ago | Directory traversal vulnerability in IBM Optim Performance Manager 4.1.1 and IBM InfoSphere Optim Performance Manager 5.x before 5.2 allows remote authenticated users to read arbitrary files via a cr… |
| CVE-2013-4005 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 a… |
| CVE-2013-4004 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.7 and 8.5 before 8.5.5.1 allows remote authenticated users to inject … |
| CVE-2013-3029 | medium | — | 6.8 | | | ibm | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.… |
| CVE-2013-2976 | low | — | 1.9 | | | ibm | 13y ago | The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allo… |
| CVE-2013-2967 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 a… |
| CVE-2013-0597 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated use… |
| CVE-2013-3016 | medium | — | 5.0 | | | ibm | 13y ago | IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting. |
| CVE-2013-3040 | medium | — | 5.0 | | | ibm | 13y ago | IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to … |
| CVE-2013-3034 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via ve… |
| CVE-2013-0587 | medium | — | 4.3 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2)… |
| CVE-2013-0585 | low | — | 3.5 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allow remote authenticated users to inject arbitrary web script or H… |
| CVE-2013-0494 | medium | — | 5.0 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted HTTP (1) Range or (2) Request-Range header. |
| CVE-2013-0492 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin Tool (OAT) 2.x and 3.x before 3.11.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2013-3990 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors… |
| CVE-2013-3032 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors… |
| CVE-2013-3996 | medium | — | 4.9 | | | ibm | 13y ago | IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site. |
| CVE-2013-3995 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM InfoSphere BigInsights 1.1 through 2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-3992 | medium | — | 6.0 | | | ibm | 13y ago | Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere BigInsights 2.0 through 2.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2013-2994 | medium | — | 6.4 | | | ibm | 13y ago | IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST reques… |
| CVE-2013-2993 | medium | — | 5.8 | | | ibm | 13y ago | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the conte… |
| CVE-2013-3033 | medium | — | 6.5 | | | ibm | 13y ago | SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated users to execute arbitrary SQL commands via unspecifi… |
| CVE-2013-3999 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-3979 | low | — | 3.5 | | | ibm, microsoft | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\Content\Help\ in the Web Client in IBM Cognos Command Center (aka Star Command Center or Star Analytics) before 10.1, when… |
| CVE-2013-0559 | medium | — | 6.4 | | | ibm | 13y ago | Unspecified vulnerability in IBM API Management 2.0 before 2.0.0.1 allows remote attackers to access tenant APIs, and consequently obtain sensitive information or modify data, via unknown vectors. |
| CVE-2013-0581 | low | — | 3.5 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Process Manager (BPM) 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow remote authenticated users to inject arbitrary web script or HTM… |
| CVE-2013-3020 | medium | — | 4.0 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors… |
| CVE-2013-2987 | medium | — | 4.0 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors… |
| CVE-2013-2985 | medium | — | 4.0 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors… |
| CVE-2013-2984 | medium | — | 6.5 | | | ibm | 13y ago | Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors. |
| CVE-2013-2982 | medium | — | 6.5 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecified vectors. |
| CVE-2013-0568 | medium | — | 4.0 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors… |
| CVE-2013-0567 | medium | — | 4.0 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors… |
| CVE-2013-0560 | medium | — | 6.5 | | | ibm | 13y ago | Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecif… |
| CVE-2013-0558 | medium | — | 5.0 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive information about application implementation via unspecified vectors. |
| CVE-2013-0539 | medium | — | 5.0 | | | ibm | 13y ago | An unspecified third-party component in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 uses short session ID values, which makes it easier for remote attackers to hijac… |
| CVE-2013-0481 | medium | — | 5.0 | | | ibm | 13y ago | The console in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to read stack traces by triggering (1) an error or (2) an exception. |
| CVE-2013-0479 | medium | — | 4.0 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not properly restrict file types and extensions, which allows remote authenticated users to bypass intended access res… |
| CVE-2013-0476 | medium | — | 6.4 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to inject arbitrary FTP commands via unspecified vectors. |
| CVE-2013-0475 | medium | — | 4.0 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors… |
| CVE-2013-0468 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to inject arbitrary web script or HTML via … |
| CVE-2013-0463 | medium | — | 4.0 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors… |
| CVE-2013-0456 | medium | — | 4.0 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to hijack sessions via a modified cookie path. |
| CVE-2012-5936 | medium | — | 5.0 | | | ibm | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capt… |
| CVE-2012-5766 | medium | — | 6.5 | | | ibm | 13y ago | Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via vectors … |
| CVE-2013-3028 | medium | — | 4.6 | | | ibm | 13y ago | Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via u… |
| CVE-2013-2983 | low | — | 3.5 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling File Gateway 2.2 and Sterling B2B Integrator allow remote authenticated users to inject arbitrary web script or HTML via unspecifie… |
| CVE-2013-0455 | medium | — | 4.3 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2.4 and Sterling File Gateway allow remote attackers to inject arbitrary web script or HTML via unspecified vector… |
| CVE-2013-0523 | medium | — | 4.3 | | | ibm | 13y ago | IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remot… |
| CVE-2013-2961 | medium | — | 4.3 | | | ibm | 13y ago | The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manage… |
| CVE-2013-2960 | medium | — | 5.0 | | | ibm | 13y ago | Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Man… |
| CVE-2013-0551 | medium | — | 5.0 | | | ibm | 13y ago | The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (forme… |
| CVE-2013-0548 | medium | — | 4.3 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as us… |
| CVE-2013-0534 | low | — | 1.9 | | | ibm | 13y ago | The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging… |
| CVE-2013-0529 | medium | — | 5.0 | | | ibm | 13y ago | The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attack… |
| CVE-2013-0527 | low | — | 1.9 | | | ibm | 13y ago | The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensit… |
| CVE-2013-2969 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web… |
| CVE-2013-2968 | medium | — | 6.3 | | | ibm | 13y ago | An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service v… |
| CVE-2013-0484 | medium | — | 4.3 | | | ibm | 13y ago | The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpe… |
| CVE-2013-2981 | medium | — | 5.0 | | | ibm | 13y ago | Directory traversal vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2013-2980 | medium | — | 6.8 | | | ibm | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to hijack the authentication of arbitrary users for requests that access … |
| CVE-2013-2970 | medium | — | 6.5 | | | ibm | 13y ago | Unspecified vulnerability in IBM QRadar Security Information and Event Manager (SIEM) 7.x before 7.1 MR2 Patch 1 allows remote authenticated users to execute operating-system commands via unknown vec… |
| CVE-2013-0464 | medium | — | 4.3 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitr… |
| CVE-2013-2950 | low | — | 3.5 | | | ibm | 13y ago | CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka … |
| CVE-2013-0549 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, wh… |
| CVE-2013-0482 | medium | — | 4.3 | | | ibm | 13y ago | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Securit… |
| CVE-2013-2989 | medium | — | 6.8 | | | ibm | 13y ago | The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read p… |
| CVE-2013-0599 | medium | — | 5.0 | | | ibm | 13y ago | IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by pro… |
| CVE-2013-0576 | medium | — | 4.3 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Tivoli Enterprise Portal browser client in IBM Tivoli Monitoring 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP02 all… |