| CVE-2013-6743 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML v… |
| CVE-2013-6742 |
high |
— |
7.5 |
|
|
ibm |
13y ago |
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain a… |
| CVE-2013-3988 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. |
| CVE-2013-3983 |
high |
— |
7.5 |
|
|
ibm |
13y ago |
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attac… |
| CVE-2013-3978 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote … |
| CVE-2014-0855 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script… |
| CVE-2013-6728 |
medium |
— |
5.8 |
|
|
ibm |
13y ago |
The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1.5 and 7.0.1 allows remote attackers to view or delete image files by leveraging incorrect security constraints for a temporary di… |
| CVE-2013-6722 |
medium |
— |
5.8 |
|
|
ibm |
13y ago |
Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a deni… |
| CVE-2013-5400 |
critical |
— |
10.0 |
|
|
ibm |
13y ago |
An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local … |
| CVE-2014-0822 |
high |
— |
7.8 |
|
|
ibm |
13y ago |
The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z. |
| CVE-2013-6332 |
high |
— |
8.5 |
|
|
ibm |
13y ago |
Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 through 5.0.0 allows remote authenticated users to execute arbitrary code by uploading a .jsp file and then launching it. |
| CVE-2013-2962 |
medium |
— |
4.9 |
|
|
ibm |
13y ago |
Buffer overflow in the Launcher in IBM WebSphere Transformation Extender 8.4.x before 8.4.0.4 allows local users to cause a denial of service (process crash or Admin Console command-stream outage) vi… |
| CVE-2014-0834 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attackers to cause a denial of service (daemon crash) via crafted arguments to a setuid program. |
| CVE-2013-5427 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Pro… |
| CVE-2014-0833 |
medium |
— |
5.5 |
|
|
ibm |
13y ago |
The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intende… |
| CVE-2014-0832 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated user… |
| CVE-2014-0831 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary us… |
| CVE-2014-0830 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authentica… |
| CVE-2013-6724 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote attackers to execute arbitrary code via a crafted ComboList property value. |
| CVE-2013-4043 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP… |
| CVE-2013-6727 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspeci… |
| CVE-2014-0838 |
high |
— |
7.5 |
|
|
ibm |
13y ago |
The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server. |
| CVE-2014-0837 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted cer… |
| CVE-2014-0836 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2014-0835 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console… |
| CVE-2013-6749 |
high |
— |
7.5 |
|
|
ibm |
13y ago |
Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different … |
| CVE-2013-6748 |
high |
— |
7.5 |
|
|
ibm |
13y ago |
Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different … |
| CVE-2013-2974 |
high |
— |
7.5 |
|
|
ibm |
13y ago |
The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration… |
| CVE-2013-6747 |
high |
— |
7.1 |
|
|
ibm |
13y ago |
IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS), allows remote attackers to cause a denial of service (applic… |
| CVE-2013-5371 |
low |
— |
2.1 |
|
|
ibm |
13y ago |
The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local … |
| CVE-2013-6746 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content … |
| CVE-2013-0485 |
critical |
— |
10.0 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries. |
| CVE-2013-6305 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dep… |
| CVE-2013-5429 |
low |
— |
2.1 |
|
|
ibm |
13y ago |
The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent … |
| CVE-2013-6725 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authentica… |
| CVE-2013-6330 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| CVE-2013-6325 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request … |
| CVE-2013-6334 |
medium |
— |
6.4 |
|
|
ibm |
13y ago |
IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0… |
| CVE-2013-6321 |
high |
— |
7.5 |
|
|
ibm |
13y ago |
SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Pol… |
| CVE-2013-5420 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a d… |
| CVE-2013-6745 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbit… |
| CVE-2013-6735 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allow… |
| CVE-2013-6723 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive comp… |
| CVE-2013-6328 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.… |
| CVE-2013-6316 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers … |
| CVE-2013-5421 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web s… |
| CVE-2013-4012 |
medium |
— |
4.9 |
|
|
ibm |
13y ago |
IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which a… |
| CVE-2013-5413 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended work… |
| CVE-2013-5411 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors. |
| CVE-2013-5409 |
medium |
— |
6.5 |
|
|
ibm |
13y ago |
Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-5407 |
medium |
— |
4.9 |
|
|
ibm |
13y ago |
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain … |
| CVE-2013-5406 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspec… |
| CVE-2013-5405 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspec… |
| CVE-2013-4070 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to discover an internal password via unspecified vectors. |
| CVE-2013-4069 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity declara… |
| CVE-2013-4065 |
low |
— |
2.6 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web scrip… |
| CVE-2013-4064 |
low |
— |
2.1 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary… |
| CVE-2013-4063 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an … |
| CVE-2013-4046 |
medium |
— |
5.8 |
|
|
ibm |
13y ago |
Open redirect vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to redirect users to arbitrary web sites and conduct … |
| CVE-2013-4045 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to inject arbi… |
| CVE-2013-4044 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote authenticated users to read application log files via a direct HTTP request. |
| CVE-2013-6717 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remo… |
| CVE-2013-5462 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct click… |
| CVE-2013-5452 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration … |
| CVE-2013-5426 |
medium |
— |
4.9 |
|
|
ibm |
13y ago |
Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Infor… |
| CVE-2013-5422 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database name… |
| CVE-2013-5466 |
medium |
— |
4.0 |
|
|
ibm |
13y ago |
The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspe… |
| CVE-2013-5440 |
low |
— |
2.1 |
|
|
ibm |
13y ago |
IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a fail… |
| CVE-2013-5416 |
high |
— |
7.2 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors. |
| CVE-2013-5415 |
high |
— |
7.2 |
|
|
ibm |
13y ago |
Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors. |
| CVE-2013-5402 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Lif… |
| CVE-2013-5398 |
low |
— |
3.3 |
|
|
ibm |
13y ago |
Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.… |
| CVE-2013-5397 |
low |
— |
3.3 |
|
|
ibm |
13y ago |
Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.… |
| CVE-2013-6733 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML vi… |
| CVE-2013-6721 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web… |
| CVE-2013-6329 |
high |
— |
7.8 |
|
|
ibm |
13y ago |
IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption… |
| CVE-2013-6327 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web … |
| CVE-2013-5438 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-4001 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. |
| CVE-2013-4000 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start o… |
| CVE-2013-3043 |
low |
— |
2.1 |
|
|
ibm |
13y ago |
Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via v… |
| CVE-2013-3042 |
low |
— |
2.1 |
|
|
ibm |
13y ago |
Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via v… |
| CVE-2013-5404 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational T… |
| CVE-2013-5447 |
medium |
— |
7.8 |
EXP |
|
ibm |
13y ago |
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value. |
| CVE-2013-5455 |
medium |
— |
4.9 |
|
|
ibm |
13y ago |
IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a… |
| CVE-2013-5449 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5… |
| CVE-2013-6307 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-5463 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file. |
| CVE-2013-5448 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Right Click Plugin context menus in IBM Security QRadar SIEM 7.1 and 7.2 before 7.2 MR1 Patch 1 allows remote authenticated users to inject arbitrary w… |
| CVE-2013-6322 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject ar… |
| CVE-2013-4036 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 FP13, and IBM InfoSphere Master Data Management - Collaborat… |
| CVE-2013-5458 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2013-5457 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2013-5456 |
critical |
— |
9.3 |
|
|
ibm |
13y ago |
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to des… |
| CVE-2013-5375 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors… |
| CVE-2013-4041 |
medium |
— |
6.8 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors. |
| CVE-2013-6312 |
medium |
— |
5.0 |
|
|
ibm |
13y ago |
Unspecified vulnerability in IBM Rational Service Tester 8.3.x and 8.5.x before 8.5.1 and Rational Performance Tester 8.3.x and 8.5.x before 8.5.1 allows remote attackers to read arbitrary files via … |
| CVE-2013-5418 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenti… |
| CVE-2013-5417 |
medium |
— |
4.3 |
|
|
ibm |
13y ago |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web scri… |
| CVE-2013-5414 |
low |
— |
3.5 |
|
|
ibm |
13y ago |
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role … |