| CVE-2012-3323 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors. |
| CVE-2013-5370 |
critical |
— |
10.0 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability … |
| CVE-2013-4042 |
critical |
— |
10.0 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability … |
| CVE-2013-3041 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream … |
| CVE-2013-0598 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the au… |
| CVE-2013-5373 |
medium |
— |
6.9 |
|
|
ibm |
13y ago |
The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by ap… |
| CVE-2013-4025 |
low |
— |
1.9 |
|
|
ibm |
13y ago |
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplet… |
| CVE-2013-4024 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web… |
| CVE-2013-4022 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authenticati… |
| CVE-2013-4053 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.… |
| CVE-2013-4052 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.… |
| CVE-2013-0596 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via… |
| CVE-2013-5369 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 might allow remote attackers to execute arbitrary code by deploying and accessing a service. |
| CVE-2013-4048 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to inject arbitrary web sc… |
| CVE-2013-4047 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote attackers to inject arbitrary web script or HT… |
| CVE-2013-3039 |
medium |
— |
5.4 |
|
|
ibm |
13y ago |
IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. |
| CVE-2013-3038 |
medium |
— |
5.4 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors. |
| CVE-2013-3037 |
medium |
— |
4.4 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors. |
| CVE-2013-3036 |
medium |
— |
4.9 |
|
|
ibm |
13y ago |
Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted UR… |
| CVE-2013-2992 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote attackers to cause a denial of service via a crafted query. |
| CVE-2013-4062 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information, a… |
| CVE-2013-4061 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks… |
| CVE-2013-3031 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
A SQL stored procedure in the Universal Cache component in IBM solidDB 6.0.x before 6.0.1070, 6.3.x before 6.3.0.56, 6.5.x before 6.5.0.12, and 7.0.x before 7.0.0.4 allows remote authenticated users … |
| CVE-2013-2997 |
low |
— |
1.7 |
|
|
ibm |
13y ago |
IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. |
| CVE-2013-0531 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive informat… |
| CVE-2013-4003 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3.1.1, and 8, allow remote authenticated users to inject arbitrary web script or HTML via … |
| CVE-2013-4039 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via … |
| CVE-2013-4033 |
medium |
— |
4.6 |
|
|
ibm |
13y ago |
IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority. |
| CVE-2013-2988 |
low |
— |
2.6 |
|
|
ibm |
13y ago |
Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Re… |
| CVE-2013-2978 |
low |
— |
2.1 |
|
|
ibm |
13y ago |
Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Re… |
| CVE-2013-0595 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka… |
| CVE-2013-0591 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka… |
| CVE-2013-0590 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka… |
| CVE-2013-0586 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to inject arbitrary web script … |
| CVE-2013-0566 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM W… |
| CVE-2013-2979 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
Directory traversal vulnerability in IBM Optim Performance Manager 4.1.1 and IBM InfoSphere Optim Performance Manager 5.x before 5.2 allows remote authenticated users to read arbitrary files via a cr… |
| CVE-2013-4005 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 a… |
| CVE-2013-4004 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.7 and 8.5 before 8.5.5.1 allows remote authenticated users to inject … |
| CVE-2013-3029 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.… |
| CVE-2013-2976 |
low |
— |
1.9 |
|
|
ibm |
13y ago |
The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allo… |
| CVE-2013-2967 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 a… |
| CVE-2013-0597 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated use… |
| CVE-2013-3016 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting. |
| CVE-2013-3040 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to … |
| CVE-2013-3034 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via ve… |
| CVE-2013-0587 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2)… |
| CVE-2013-0585 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allow remote authenticated users to inject arbitrary web script or H… |
| CVE-2013-0494 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted HTTP (1) Range or (2) Request-Range header. |
| CVE-2013-0492 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin Tool (OAT) 2.x and 3.x before 3.11.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2013-3990 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors… |
| CVE-2013-3032 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors… |
| CVE-2013-3027 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW. |
| CVE-2013-3996 |
medium |
— |
4.9 |
|
|
ibm |
13y ago |
IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site. |
| CVE-2013-3995 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM InfoSphere BigInsights 1.1 through 2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-3992 |
medium |
— |
6.0 |
|
|
ibm |
13y ago |
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere BigInsights 2.0 through 2.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2013-2994 |
medium |
— |
6.4 |
|
|
ibm |
13y ago |
IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST reques… |
| CVE-2013-2993 |
medium |
— |
5.8 |
|
|
ibm |
13y ago |
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the conte… |
| CVE-2013-3033 |
medium |
— |
6.5 |
|
|
ibm |
13y ago |
SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated users to execute arbitrary SQL commands via unspecifi… |
| CVE-2013-3999 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-3979 |
low |
— |
3.5 |
|
|
ibmmicrosoft |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\Content\Help\ in the Web Client in IBM Cognos Command Center (aka Star Command Center or Star Analytics) before 10.1, when… |
| CVE-2013-3012 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows r… |
| CVE-2013-3011 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows r… |
| CVE-2013-3010 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity vi… |
| CVE-2013-3009 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invok… |
| CVE-2013-3008 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a differ… |
| CVE-2013-3007 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity vi… |
| CVE-2013-3006 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a differ… |
| CVE-2013-0559 |
medium |
— |
6.4 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM API Management 2.0 before 2.0.0.1 allows remote attackers to access tenant APIs, and consequently obtain sensitive information or modify data, via unknown vectors. |
| CVE-2012-6349 |
critical |
— |
9.3 |
|
|
autonomyibm |
13y ago |
Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W. |
| CVE-2013-1777 |
critical |
— |
10.0 |
|
|
apacheibm |
13y ago |
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1 |
| CVE-2013-0581 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Process Manager (BPM) 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow remote authenticated users to inject arbitrary web script or HTM… |
| CVE-2013-3020 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors… |
| CVE-2013-2987 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors… |
| CVE-2013-2985 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors… |
| CVE-2013-2984 |
medium |
— |
6.5 |
|
|
ibm |
13y ago |
Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors. |
| CVE-2013-2982 |
medium |
— |
6.5 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecified vectors. |
| CVE-2013-0568 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors… |
| CVE-2013-0567 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors… |
| CVE-2013-0560 |
medium |
— |
6.5 |
|
|
ibm |
13y ago |
Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecif… |
| CVE-2013-0558 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive information about application implementation via unspecified vectors. |
| CVE-2013-0539 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
An unspecified third-party component in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 uses short session ID values, which makes it easier for remote attackers to hijac… |
| CVE-2013-0481 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
The console in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to read stack traces by triggering (1) an error or (2) an exception. |
| CVE-2013-0479 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not properly restrict file types and extensions, which allows remote authenticated users to bypass intended access res… |
| CVE-2013-0476 |
medium |
— |
6.4 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to inject arbitrary FTP commands via unspecified vectors. |
| CVE-2013-0475 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors… |
| CVE-2013-0468 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to inject arbitrary web script or HTML via … |
| CVE-2013-0463 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors… |
| CVE-2013-0456 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to hijack sessions via a modified cookie path. |
| CVE-2012-5936 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capt… |
| CVE-2012-5766 |
medium |
— |
6.5 |
|
|
ibm |
13y ago |
Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via vectors … |
| CVE-2013-3028 |
medium |
— |
4.6 |
|
|
ibm |
13y ago |
Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via u… |
| CVE-2013-3003 |
critical |
— |
9.0 |
|
|
ibm |
13y ago |
Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 allows remote authenticated users to execute arbitrary commands via unknown vectors. |
| CVE-2013-2983 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling File Gateway 2.2 and Sterling B2B Integrator allow remote authenticated users to inject arbitrary web script or HTML via unspecifie… |
| CVE-2013-0455 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2.4 and Sterling File Gateway allow remote attackers to inject arbitrary web script or HTML via unspecified vector… |
| CVE-2013-0523 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remot… |
| CVE-2013-2961 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manage… |
| CVE-2013-2960 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Man… |
| CVE-2013-0551 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (forme… |
| CVE-2013-0548 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as us… |
| CVE-2013-0534 |
low |
— |
1.9 |
|
|
ibm |
13y ago |
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging… |
