| CVE-2014-3025 | low | — | 3.5 | | | ibm | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3… |
| CVE-2014-0948 | medium | — | 6.0 | | | ibm | 12y ago | Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code v… |
| CVE-2014-0947 | medium | — | 6.0 | | | ibm | 12y ago | Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site. |
| CVE-2014-0915 | low | — | 3.5 | | | ibm | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3… |
| CVE-2014-0914 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for Sm… |
| CVE-2014-3057 | medium | — | 4.3 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTM… |
| CVE-2014-3056 | medium | — | 5.0 | | | ibm | 12y ago | The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR v… |
| CVE-2014-3055 | high | — | 7.5 | | | ibm | 12y ago | SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified … |
| CVE-2014-3054 | medium | — | 5.8 | | | ibm | 12y ago | Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites… |
| CVE-2014-3050 | low | — | 3.5 | | | ibm | 12y ago | IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspeci… |
| CVE-2014-3026 | low | — | 3.5 | | | ibm | 12y ago | CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to in… |
| CVE-2014-3020 | medium | — | 6.9 | | | ibm | 12y ago | install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, wh… |
| CVE-2014-0889 | medium | — | 4.3 | | | ibm | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for I… |
| CVE-2014-4748 | medium | — | 4.3 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2014-4747 | low | — | 2.1 | | | ibm | 12y ago | The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML… |
| CVE-2014-3071 | medium | — | 4.3 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for add… |
| CVE-2014-3064 | medium | — | 6.3 | | | ibm | 12y ago | The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 an… |
| CVE-2014-3045 | low | — | 2.1 | | | ibm | 12y ago | IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to o… |
| CVE-2014-3043 | medium | — | 6.5 | | | ibm | 12y ago | IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account. |
| CVE-2014-0970 | low | — | 3.5 | | | ibm | 12y ago | The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 an… |
| CVE-2014-0968 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Serv… |
| CVE-2014-0967 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Serv… |
| CVE-2014-0957 | medium | — | 4.3 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a cr… |
| CVE-2014-0894 | low | — | 4.5 | EXP | | ibm | 12y ago | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and Db… |
| CVE-2014-0875 | low | — | 3.5 | | | ibm | 12y ago | Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL … |
| CVE-2014-0871 | medium | — | 5.3 | EXP | | ibm | 12y ago | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-p… |
| CVE-2014-0870 | medium | — | 5.3 | EXP | | ibm | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to inject arbitrar… |
| CVE-2014-0869 | medium | — | 5.3 | EXP | | ibm | 12y ago | The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to ob… |
| CVE-2014-0868 | medium | — | 5.9 | EXP | | ibm | 12y ago | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intend… |
| CVE-2014-0867 | medium | — | 6.8 | EXP | | ibm | 12y ago | rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query s… |
| CVE-2014-0866 | medium | — | 5.3 | EXP | | ibm | 12y ago | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive informa… |
| CVE-2014-0865 | medium | — | 5.9 | EXP | | ibm | 12y ago | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intend… |
| CVE-2014-0864 | medium | — | 7.8 | EXP | | ibm | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers… |
| CVE-2013-5423 | medium | — | 5.0 | | | ibm | 12y ago | IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors. |
| CVE-2014-3074 | high | — | 7.2 | | | ibm | 12y ago | The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS … |
| CVE-2014-3066 | medium | — | 5.0 | | | ibm | 12y ago | IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, relat… |
| CVE-2014-3088 | medium | — | 5.5 | | | ibm | 12y ago | stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to… |
| CVE-2013-3004 | low | — | 3.5 | | | ibm | 12y ago | Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitra… |
| CVE-2014-0891 | medium | — | 5.0 | | | ibm | 12y ago | IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request ha… |
| CVE-2013-6311 | medium | — | 6.5 | | | ibm | 12y ago | SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-6310 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-6309 | medium | — | 6.0 | | | ibm | 12y ago | IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection. |
| CVE-2013-6308 | medium | — | 4.9 | | | ibm | 12y ago | IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection. |
| CVE-2014-3011 | medium | — | 5.0 | | | ibm | 12y ago | IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors. |
| CVE-2011-1381 | medium | — | 6.4 | | | ibm | 12y ago | Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors. |
| CVE-2014-3073 | critical | — | 10.0 | | | ibm | 12y ago | Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vector… |
| CVE-2014-3053 | high | — | 8.0 | | | ibm | 12y ago | The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.… |
| CVE-2013-6737 | medium | — | 4.0 | | | ibm | 12y ago | IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticat… |
| CVE-2014-3013 | low | — | 3.5 | | | ibm | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted… |
| CVE-2014-3012 | low | — | 3.5 | | | ibm | 12y ago | Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response spli… |
| CVE-2014-0910 | low | — | 4.5 | EXP | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject… |
| CVE-2014-0960 | medium | — | 6.6 | | | ibm | 12y ago | IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed … |
| CVE-2014-3042 | medium | — | 4.0 | | | ibm | 12y ago | IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT transactions, which allows remote authenticated users to cause a denial of service (storage overlay) b… |
| CVE-2014-3977 | medium | — | 7.9 | EXP | | ibm | 12y ago | libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix… |
| CVE-2014-3038 | low | — | 3.6 | | | ibm | 12y ago | IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop group privileges, which allows local users to bypass intended file-access restrictions by leveraging (1) gid 0 or (2) root's group… |
| CVE-2014-3036 | medium | — | 4.3 | | | ibm | 12y ago | Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive i… |
| CVE-2014-0936 | medium | — | 4.3 | | | ibm | 12y ago | IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows re… |
| CVE-2014-0929 | medium | — | 6.0 | | | ibm | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for … |
| CVE-2014-0961 | medium | — | 6.0 | | | ibm | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows re… |
| CVE-2014-0935 | medium | — | 4.6 | | | ibm | 12y ago | Unspecified vulnerability in IBM Smart Analytics System 7700 before FP 2.1.3.0 and 7710 before FP 2.1.3.0 allows local users to gain privileges via vectors related to events. |
| CVE-2014-0907 | high | — | 7.2 | | | ibm | 12y ago | Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow l… |
| CVE-2013-6744 | high | — | 8.5 | | | ibm | 12y ago | The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT p… |
| CVE-2014-0925 | low | — | 3.5 | | | ibm | 12y ago | Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and c… |
| CVE-2014-3010 | medium | — | 4.3 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 … |
| CVE-2014-0878 | medium | — | 5.8 | | | ibm | 12y ago | The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before… |
| CVE-2013-6714 | medium | — | 4.1 | | | ibm | 12y ago | The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local user… |
| CVE-2013-6713 | medium | — | 4.1 | | | ibm | 12y ago | The Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations, wh… |
| CVE-2014-0893 | medium | — | 4.3 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allo… |
| CVE-2014-0849 | medium | — | 6.0 | | | ibm | 12y ago | IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging memb… |
| CVE-2014-0825 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7… |
| CVE-2014-0824 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Ser… |
| CVE-2013-6741 | low | — | 3.5 | | | ibm | 12y ago | IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Managem… |
| CVE-2013-5465 | medium | — | 6.5 | | | ibm | 12y ago | IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; S… |
| CVE-2013-5464 | medium | — | 6.0 | | | ibm | 12y ago | IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote aut… |
| CVE-2013-5460 | low | — | 3.5 | | | ibm | 12y ago | IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and r… |
| CVE-2013-4016 | medium | — | 6.5 | | | ibm | 12y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027… |
| CVE-2014-3867 | medium | — | 5.0 | | | ibm | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote at… |
| CVE-2013-2998 | low | — | 3.5 | | | ibm | 12y ago | frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive i… |
| CVE-2012-3333 | medium | — | 4.3 | | | ibm | 12y ago | CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HT… |
| CVE-2014-3014 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via… |
| CVE-2014-0906 | medium | — | 4.3 | | | ibm | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leve… |
| CVE-2013-3984 | low | — | 2.9 | | | ibm | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers t… |
| CVE-2013-3982 | medium | — | 6.0 | EXP | | ibm | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page. |
| CVE-2013-3981 | medium | — | 5.0 | | | ibm | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. |
| CVE-2013-3980 | medium | — | 5.0 | | | ibm | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users… |
| CVE-2013-3977 | medium | — | 5.3 | EXP | | ibm | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. |
| CVE-2013-3975 | medium | — | 6.0 | EXP | | ibm | 12y ago | Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a sear… |
| CVE-2013-3046 | medium | — | 4.3 | | | ibm | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack… |
| CVE-2014-3015 | medium | — | 6.8 | | | ibm | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary use… |
| CVE-2014-0943 | high | — | 7.1 | | | ibm | 12y ago | IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource… |
| CVE-2014-0959 | medium | — | 4.0 | | | ibm | 12y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infi… |
| CVE-2014-0958 | medium | — | 5.8 | | | ibm | 12y ago | Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect u… |
| CVE-2014-0956 | medium | — | 4.3 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows … |
| CVE-2014-0955 | medium | — | 4.3 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbi… |
| CVE-2014-0954 | medium | — | 6.8 | | | ibm | 12y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obt… |
| CVE-2014-0952 | medium | — | 4.3 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allow… |
| CVE-2014-0951 | medium | — | 4.3 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML v… |
| CVE-2014-0949 | medium | — | 5.0 | | | ibm | 12y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consu… |
| CVE-2014-0964 | high | — | 7.1 | | | ibm | 12y ago | IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic f… |
| CVE-2014-0933 | medium | — | 6.8 | | | ibm | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users. |