| CVE-2013-4065 |
low |
— |
2.6 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web scrip… |
| CVE-2013-4064 |
low |
— |
2.1 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary… |
| CVE-2013-4063 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an … |
| CVE-2013-4046 |
medium |
— |
5.8 |
|
|
ibm |
13y ago |
Open redirect vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to redirect users to arbitrary web sites and conduct … |
| CVE-2013-4045 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to inject arbi… |
| CVE-2013-4044 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote authenticated users to read application log files via a direct HTTP request. |
| CVE-2013-6717 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remo… |
| CVE-2013-5462 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct click… |
| CVE-2013-5452 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration … |
| CVE-2013-5426 |
medium |
— |
4.9 |
|
|
ibm |
13y ago |
Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Infor… |
| CVE-2013-5422 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database name… |
| CVE-2013-5466 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspe… |
| CVE-2013-5440 |
low |
— |
2.1 |
|
|
ibm |
13y ago |
IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a fail… |
| CVE-2013-5402 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Lif… |
| CVE-2013-5398 |
low |
— |
3.3 |
|
|
ibm |
13y ago |
Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.… |
| CVE-2013-5397 |
low |
— |
3.3 |
|
|
ibm |
13y ago |
Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.… |
| CVE-2013-6733 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML vi… |
| CVE-2013-6721 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web… |
| CVE-2013-6327 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web … |
| CVE-2013-5438 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-4001 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. |
| CVE-2013-4000 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start o… |
| CVE-2013-3043 |
low |
— |
2.1 |
|
|
ibm |
13y ago |
Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via v… |
| CVE-2013-3042 |
low |
— |
2.1 |
|
|
ibm |
13y ago |
Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via v… |
| CVE-2013-5404 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational T… |
| CVE-2013-5447 |
medium |
— |
7.8 |
EXP |
|
ibm |
13y ago |
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value. |
| CVE-2013-5455 |
medium |
— |
4.9 |
|
|
ibm |
13y ago |
IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a… |
| CVE-2013-5449 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5… |
| CVE-2013-6307 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-5463 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file. |
| CVE-2013-5448 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Right Click Plugin context menus in IBM Security QRadar SIEM 7.1 and 7.2 before 7.2 MR1 Patch 1 allows remote authenticated users to inject arbitrary w… |
| CVE-2013-6322 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject ar… |
| CVE-2013-4036 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 FP13, and IBM InfoSphere Master Data Management - Collaborat… |
| CVE-2013-5458 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2013-5457 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2013-5456 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to des… |
| CVE-2013-5375 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors… |
| CVE-2013-4041 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors. |
| CVE-2013-6312 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM Rational Service Tester 8.3.x and 8.5.x before 8.5.1 and Rational Performance Tester 8.3.x and 8.5.x before 8.5.1 allows remote attackers to read arbitrary files via … |
| CVE-2013-5418 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenti… |
| CVE-2013-5417 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web scri… |
| CVE-2013-5414 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role … |
| CVE-2013-4006 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem… |
| CVE-2013-5454 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary file… |
| CVE-2013-5425 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject arbitr… |
| CVE-2013-4034 |
medium |
— |
5.0 |
EXP |
|
ibm |
13y ago |
IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitr… |
| CVE-2013-3030 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers t… |
| CVE-2013-5453 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted. |
| CVE-2013-5450 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly… |
| CVE-2013-5379 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leverag… |
| CVE-2013-5378 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connection… |
| CVE-2013-3985 |
low |
— |
2.9 |
|
|
ibm |
13y ago |
The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak sett… |
| CVE-2013-3045 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function. |
| CVE-2013-3044 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting… |
| CVE-2013-0537 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of shared links by leveraging meeting-attendance privileges. |
| CVE-2013-3986 |
medium |
— |
5.3 |
EXP |
|
ibm |
13y ago |
IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension crash) via a crafted Audio Visual (AV) session. |
| CVE-2013-4055 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified… |
| CVE-2013-4051 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified… |
| CVE-2013-4050 |
medium |
— |
6.0 |
|
|
ibm |
13y ago |
Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified vic… |
| CVE-2013-5387 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request d… |
| CVE-2013-5431 |
medium |
— |
5.8 |
|
|
ibm |
13y ago |
Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway… |
| CVE-2013-5430 |
medium |
— |
5.5 |
|
|
ibm |
13y ago |
The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access… |
| CVE-2013-5424 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-lev… |
| CVE-2013-3989 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequen… |
| CVE-2013-5389 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SP… |
| CVE-2013-5388 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SP… |
| CVE-2013-5372 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial o… |
| CVE-2013-5376 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors,… |
| CVE-2013-3025 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-0500 |
medium |
— |
5.4 |
|
|
ibm |
13y ago |
IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authen… |
| CVE-2013-5394 |
medium |
— |
4.9 |
|
|
ibm |
13y ago |
The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors. |
| CVE-2013-5390 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HT… |
| CVE-2013-4804 |
critical |
— |
10.0 |
|
|
ibm |
13y ago |
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors. |
| CVE-2013-4056 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows rem… |
| CVE-2013-2366 |
critical |
— |
10.0 |
|
|
ibm |
13y ago |
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors, aka ZD… |
| CVE-2013-0580 |
medium |
— |
4.9 |
|
|
ibm |
13y ago |
Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the… |
| CVE-2013-0579 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote attackers to impersonate arbitrary users by leveraging access to a legitimate user's… |
| CVE-2013-0577 |
medium |
— |
5.2 |
|
|
ibm |
13y ago |
The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to bypass intended access restrictions and create, modify, or de… |
| CVE-2013-4067 |
medium |
— |
5.8 |
|
|
ibm |
13y ago |
IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via un… |
| CVE-2013-4066 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface. |
| CVE-2013-4032 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote atta… |
| CVE-2013-5383 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than… |
| CVE-2013-5382 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than… |
| CVE-2013-5381 |
medium |
— |
6.5 |
|
|
ibm |
13y ago |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. |
| CVE-2013-5380 |
low |
— |
2.1 |
|
|
ibm |
13y ago |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors. |
| CVE-2013-4027 |
medium |
— |
6.5 |
|
|
ibm |
13y ago |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. |
| CVE-2013-4021 |
medium |
— |
6.5 |
|
|
ibm |
13y ago |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors. |
| CVE-2013-4020 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. |
| CVE-2013-4019 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecif… |
| CVE-2013-4018 |
medium |
— |
6.0 |
|
|
ibm |
13y ago |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| CVE-2013-4017 |
medium |
— |
6.5 |
|
|
ibm |
13y ago |
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-4014 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML v… |
| CVE-2013-4013 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2013-3973 |
medium |
— |
6.5 |
|
|
ibm |
13y ago |
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-3972 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| CVE-2013-3971 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability tha… |
| CVE-2013-3049 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability tha… |
| CVE-2013-3048 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web scrip… |
| CVE-2013-3047 |
medium |
— |
6.5 |
|
|
ibm |
13y ago |
IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors. |
| CVE-2013-0451 |
medium |
— |
6.5 |
|
|
ibm |
13y ago |
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
