| CVE-2014-0901 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated user… |
| CVE-2014-0880 | high | — | 7.5 | | | ibm | 12y ago | IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CL… |
| CVE-2014-0904 | high | — | 7.6 | | | ibm | 12y ago | The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file. |
| CVE-2014-0848 | low | — | 3.5 | | | ibm | 12y ago | The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote at… |
| CVE-2013-3998 | low | — | 3.5 | | | ibm | 12y ago | CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and … |
| CVE-2013-3976 | low | — | 2.1 | | | ibm | 12y ago | The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3… |
| CVE-2014-0887 | high | — | 7.1 | | | ibm | 12y ago | The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. |
| CVE-2014-0886 | high | — | 7.1 | | | ibm | 12y ago | The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecif… |
| CVE-2014-0884 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to inject arbitrary web script or HTML… |
| CVE-2013-6729 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM QuickFile 1.0.0.0 before iFix 4 and 1.1.0.1 before iFix 3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2014-0895 | high | — | 7.5 | | | ibm | 12y ago | Buffer overflow in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 3.0.1-IM-S3SAMPC-WIN32-FP001-IF02 allows remote attackers to execute arbitrary code via a crafted ComboList pr… |
| CVE-2014-0850 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Reference Data Management (RDM) Hub 10.1 and 11.0 before 11.0.0.0-MDM-IF008 allows remote authenticated users to inje… |
| CVE-2014-0890 | low | — | 1.9 | | | ibm | 12y ago | The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords… |
| CVE-2013-6314 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 allows remote authenticated users to… |
| CVE-2013-6333 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and A… |
| CVE-2013-6320 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and A… |
| CVE-2013-6301 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and A… |
| CVE-2013-6300 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and A… |
| CVE-2013-6299 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and A… |
| CVE-2014-0846 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authen… |
| CVE-2014-0844 | low | — | 3.5 | | | ibm | 12y ago | Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users t… |
| CVE-2014-0874 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter. |
| CVE-2014-0858 | low | — | 3.5 | | | ibm | 12y ago | IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. |
| CVE-2014-0853 | low | — | 3.5 | | | ibm | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allo… |
| CVE-2014-0843 | low | — | 3.5 | | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by … |
| CVE-2014-0840 | low | — | 3.5 | | | ibm | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script o… |
| CVE-2014-0861 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 … |
| CVE-2013-6734 | low | — | 3.5 | | | ibm | 13y ago | IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportu… |
| CVE-2013-6743 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML v… |
| CVE-2013-6742 | high | — | 7.5 | | | ibm | 13y ago | The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain a… |
| CVE-2013-3983 | high | — | 7.5 | | | ibm | 13y ago | The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attac… |
| CVE-2014-0822 | high | — | 7.8 | | | ibm | 13y ago | The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z. |
| CVE-2013-6332 | high | — | 8.5 | | | ibm | 13y ago | Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 through 5.0.0 allows remote authenticated users to execute arbitrary code by uploading a .jsp file and then launching it. |
| CVE-2014-0832 | low | — | 3.5 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated user… |
| CVE-2014-0838 | high | — | 7.5 | | | ibm | 13y ago | The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server. |
| CVE-2013-6749 | high | — | 7.5 | | | ibm | 13y ago | Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different … |
| CVE-2013-6748 | high | — | 7.5 | | | ibm | 13y ago | Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different … |
| CVE-2013-2974 | high | — | 7.5 | | | ibm | 13y ago | The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration… |
| CVE-2013-6747 | high | — | 7.1 | | | ibm | 13y ago | IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS), allows remote attackers to cause a denial of service (applic… |
| CVE-2013-5371 | low | — | 2.1 | | | ibm | 13y ago | The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local … |
| CVE-2013-5429 | low | — | 2.1 | | | ibm | 13y ago | The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent … |
| CVE-2013-6725 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authentica… |
| CVE-2013-6330 | low | — | 3.5 | | | ibm | 13y ago | IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| CVE-2013-6321 | high | — | 7.5 | | | ibm | 13y ago | SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Pol… |
| CVE-2013-5420 | low | — | 3.5 | | | ibm | 13y ago | The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a d… |
| CVE-2013-6745 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbit… |
| CVE-2013-5406 | low | — | 3.5 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspec… |
| CVE-2013-5405 | low | — | 3.5 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspec… |
| CVE-2013-4065 | low | — | 2.6 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web scrip… |
| CVE-2013-4064 | low | — | 2.1 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary… |
| CVE-2013-5452 | low | — | 3.5 | | | ibm | 13y ago | IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration … |
| CVE-2013-5440 | low | — | 2.1 | | | ibm | 13y ago | IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a fail… |
| CVE-2013-5416 | high | — | 7.2 | | | ibm | 13y ago | Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors. |
| CVE-2013-5415 | high | — | 7.2 | | | ibm | 13y ago | Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors. |
| CVE-2013-5402 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Lif… |
| CVE-2013-5398 | low | — | 3.3 | | | ibm | 13y ago | Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.… |
| CVE-2013-5397 | low | — | 3.3 | | | ibm | 13y ago | Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.… |
| CVE-2013-6721 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web… |
| CVE-2013-6329 | high | — | 7.8 | | | ibm | 13y ago | IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption… |
| CVE-2013-3043 | low | — | 2.1 | | | ibm | 13y ago | Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via v… |
| CVE-2013-3042 | low | — | 2.1 | | | ibm | 13y ago | Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via v… |
| CVE-2013-5404 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational T… |
| CVE-2013-6307 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-5448 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Right Click Plugin context menus in IBM Security QRadar SIEM 7.1 and 7.2 before 7.2 MR1 Patch 1 allows remote authenticated users to inject arbitrary w… |
| CVE-2013-6322 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject ar… |
| CVE-2013-4036 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 FP13, and IBM InfoSphere Master Data Management - Collaborat… |
| CVE-2013-5418 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenti… |
| CVE-2013-5414 | low | — | 3.5 | | | ibm | 13y ago | The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role … |
| CVE-2013-5425 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject arbitr… |
| CVE-2013-5453 | low | — | 3.5 | | | ibm | 13y ago | IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted. |
| CVE-2013-5379 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leverag… |
| CVE-2013-5378 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connection… |
| CVE-2013-3985 | low | — | 2.9 | | | ibm | 13y ago | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak sett… |
| CVE-2013-3045 | low | — | 3.5 | | | ibm | 13y ago | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function. |
| CVE-2013-3044 | low | — | 3.5 | | | ibm | 13y ago | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting… |
| CVE-2013-0537 | low | — | 3.5 | | | ibm | 13y ago | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of shared links by leveraging meeting-attendance privileges. |
| CVE-2013-4055 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified… |
| CVE-2013-4051 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified… |
| CVE-2013-3989 | low | — | 3.5 | | | ibm | 13y ago | IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequen… |
| CVE-2013-5393 | high | — | 7.5 | | | ibm | 13y ago | The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. |
| CVE-2013-5390 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HT… |
| CVE-2013-2964 | high | — | 7.2 | | | ibm | 13y ago | Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain pr… |
| CVE-2013-5395 | high | — | 7.5 | | | ibm | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors. |
| CVE-2013-5380 | low | — | 2.1 | | | ibm | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors. |
| CVE-2013-4019 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecif… |
| CVE-2013-3048 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web scrip… |
| CVE-2013-4025 | low | — | 1.9 | | | ibm | 13y ago | IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplet… |
| CVE-2013-4022 | low | — | 3.5 | | | ibm | 13y ago | IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authenticati… |
| CVE-2013-4068 | high | — | 7.1 | | | ibm | 13y ago | Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka SPR PTHN9ADPA8. |
| CVE-2013-4049 | high | — | 8.5 | | | ibm | 13y ago | Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by… |
| CVE-2013-4048 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to inject arbitrary web sc… |
| CVE-2013-3031 | low | — | 3.5 | | | ibm | 13y ago | A SQL stored procedure in the Universal Cache component in IBM solidDB 6.0.x before 6.0.1070, 6.3.x before 6.3.0.56, 6.5.x before 6.5.0.12, and 7.0.x before 7.0.0.4 allows remote authenticated users … |
| CVE-2013-2997 | low | — | 1.7 | | | ibm | 13y ago | IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. |
| CVE-2013-4003 | low | — | 3.5 | | | ibm | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3.1.1, and 8, allow remote authenticated users to inject arbitrary web script or HTML via … |
| CVE-2013-2988 | low | — | 2.6 | | | ibm | 13y ago | Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Re… |
| CVE-2013-2978 | low | — | 2.1 | | | ibm | 13y ago | Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Re… |
| CVE-2013-0591 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka… |
| CVE-2013-0590 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka… |
| CVE-2013-0586 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to inject arbitrary web script … |
| CVE-2013-4005 | low | — | 3.5 | | | ibm | 13y ago | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 a… |