Vendor CVEs
IBM
All CVEs
8,287 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0932 | 0.00 | — | 0.01 | Apr 21, 2014 | Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2014-0361 | 0.00 | — | 0.00 | Apr 21, 2014 | The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified cryptanalysis… | |||
| CVE-2013-5459 | 0.00 | — | 0.01 | Apr 21, 2014 | Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking. | |||
| CVE-2014-2428 | 0.00 | — | 0.05 | Apr 16, 2014 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||
| CVE-2014-2401 | 0.00 | — | 0.04 | Apr 16, 2014 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | |||
| CVE-2014-2398 | 0.00 | — | 0.03 | Apr 16, 2014 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. | |||
| CVE-2014-0461 | 0.00 | — | 0.06 | Apr 16, 2014 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | |||
| CVE-2014-0455 | 0.00 | — | 0.05 | Apr 16, 2014 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402. | |||
| CVE-2014-0454 | 0.00 | — | 0.05 | Apr 16, 2014 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. | |||
| CVE-2014-0453 | 0.00 | — | 0.05 | Apr 16, 2014 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. | |||
| CVE-2014-0448 | 0.00 | — | 0.05 | Apr 16, 2014 | Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||
| CVE-2014-0924 | 0.00 | — | 0.01 | Apr 15, 2014 | IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify that all of the characters of a password are correct, which makes it easier for remote authenticated users to bypass intended access restrictions by leveraging knowledge of a password substring. | |||
| CVE-2014-0923 | 0.00 | — | 0.01 | Apr 15, 2014 | IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data. | |||
| CVE-2014-0922 | 0.00 | — | 0.01 | Apr 15, 2014 | IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via WebSockets MQ Telemetry Transport (MQTT) data. | |||
| CVE-2014-0921 | 0.00 | — | 0.01 | Apr 15, 2014 | The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon crash and message data loss) via malformed headers during a WebSockets connection upgrade. | |||
| CVE-2014-0920 | 0.00 | — | 0.02 | Apr 10, 2014 | IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2014-0908 | 0.00 | — | 0.01 | Apr 10, 2014 | The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive… | |||
| CVE-2014-0827 | 0.00 | — | 0.01 | Apr 5, 2014 | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workload Replay 1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2014-0901 | 0.00 | — | 0.01 | Apr 2, 2014 | Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-0828 | 0.00 | — | 0.01 | Apr 2, 2014 | Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script… | |||
| CVE-2014-0880 | 0.00 | — | 0.02 | Mar 29, 2014 | IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to… | |||
| CVE-2014-0904 | 0.00 | — | 0.03 | Mar 26, 2014 | The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file. | |||
| CVE-2014-0848 | 0.00 | — | 0.01 | Mar 26, 2014 | The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | |||
| CVE-2013-3998 | 0.00 | — | 0.01 | Mar 26, 2014 | CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||
| CVE-2013-3997 | 0.00 | — | 0.01 | Mar 26, 2014 | Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2013-3976 | 0.00 | — | 0.01 | Mar 26, 2014 | The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox… | |||
| CVE-2014-0887 | 0.00 | — | 0.02 | Mar 25, 2014 | The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | |||
| CVE-2014-0886 | 0.00 | — | 0.02 | Mar 25, 2014 | The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors. | |||
| CVE-2014-0885 | 0.00 | — | 0.01 | Mar 25, 2014 | Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2014-0884 | 0.00 | — | 0.01 | Mar 25, 2014 | Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-5445 | 0.00 | — | 0.01 | Mar 25, 2014 | IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key. | |||
| CVE-2013-5444 | 0.00 | — | 0.02 | Mar 25, 2014 | The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to read encrypted credentials via unspecified vectors. | |||
| CVE-2013-5443 | 0.00 | — | 0.01 | Mar 25, 2014 | Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2014-0879 | 0.00 | — | 0.04 | Mar 21, 2014 | Stack-based buffer overflow in the Taskmaster Capture ActiveX control in IBM Datacap Taskmaster Capture 8.0.1, and 8.1 before FP2, allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2014-0829 | 0.00 | — | 0.01 | Mar 21, 2014 | Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors. | |||
| CVE-2013-6729 | 0.00 | — | 0.01 | Mar 21, 2014 | Cross-site scripting (XSS) vulnerability in IBM QuickFile 1.0.0.0 before iFix 4 and 1.1.0.1 before iFix 3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2013-5401 | 0.00 | — | 0.01 | Mar 21, 2014 | The command-port listener in IBM WebSphere MQ Internet Pass-Thru (MQIPT) 2.x before 2.1.0.1 allows remote attackers to cause a denial of service (remote-administration outage) via unspecified vectors. | |||
| CVE-2014-0895 | 0.00 | — | 0.04 | Mar 16, 2014 | Buffer overflow in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 3.0.1-IM-S3SAMPC-WIN32-FP001-IF02 allows remote attackers to execute arbitrary code via a crafted ComboList property value. | |||
| CVE-2014-0873 | 0.00 | — | 0.01 | Mar 16, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before… | |||
| CVE-2014-0850 | 0.00 | — | 0.01 | Mar 16, 2014 | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Reference Data Management (RDM) Hub 10.1 and 11.0 before 11.0.0.0-MDM-IF008 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2013-4059 | 0.00 | — | 0.01 | Mar 16, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified interfaces. | |||
| CVE-2013-4058 | 0.00 | — | 0.01 | Mar 16, 2014 | Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces. | |||
| CVE-2013-4057 | 0.00 | — | 0.01 | Mar 16, 2014 | Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2014-0899 | 0.00 | — | 0.02 | Mar 11, 2014 | ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands. | |||
| CVE-2014-0890 | 0.00 | — | 0.00 | Mar 6, 2014 | The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive… | |||
| CVE-2013-6315 | 0.00 | — | 0.01 | Mar 6, 2014 | IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 do not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||
| CVE-2013-6314 | 0.00 | — | 0.01 | Mar 6, 2014 | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6304 | 0.00 | — | 0.01 | Mar 6, 2014 | Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file. | |||
| CVE-2013-6333 | 0.00 | — | 0.01 | Mar 5, 2014 | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject… | |||
| CVE-2013-6331 | 0.00 | — | 0.01 | Mar 5, 2014 | SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL… |
- CVE-2014-0932Apr 21, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
- CVE-2014-0361Apr 21, 2014risk 0.00cvss —epss 0.00
The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified cryptanalysis…
- CVE-2013-5459Apr 21, 2014risk 0.00cvss —epss 0.01
Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking.
- CVE-2014-2428Apr 16, 2014risk 0.00cvss —epss 0.05
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
- CVE-2014-2401Apr 16, 2014risk 0.00cvss —epss 0.04
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
- CVE-2014-2398Apr 16, 2014risk 0.00cvss —epss 0.03
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
- CVE-2014-0461Apr 16, 2014risk 0.00cvss —epss 0.06
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
- CVE-2014-0455Apr 16, 2014risk 0.00cvss —epss 0.05
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.
- CVE-2014-0454Apr 16, 2014risk 0.00cvss —epss 0.05
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
- CVE-2014-0453Apr 16, 2014risk 0.00cvss —epss 0.05
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
- CVE-2014-0448Apr 16, 2014risk 0.00cvss —epss 0.05
Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
- CVE-2014-0924Apr 15, 2014risk 0.00cvss —epss 0.01
IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify that all of the characters of a password are correct, which makes it easier for remote authenticated users to bypass intended access restrictions by leveraging knowledge of a password substring.
- CVE-2014-0923Apr 15, 2014risk 0.00cvss —epss 0.01
IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data.
- CVE-2014-0922Apr 15, 2014risk 0.00cvss —epss 0.01
IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via WebSockets MQ Telemetry Transport (MQTT) data.
- CVE-2014-0921Apr 15, 2014risk 0.00cvss —epss 0.01
The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon crash and message data loss) via malformed headers during a WebSockets connection upgrade.
- CVE-2014-0920Apr 10, 2014risk 0.00cvss —epss 0.02
IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
- CVE-2014-0908Apr 10, 2014risk 0.00cvss —epss 0.01
The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive…
- CVE-2014-0827Apr 5, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workload Replay 1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
- CVE-2014-0901Apr 2, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2014-0828Apr 2, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script…
- CVE-2014-0880Mar 29, 2014risk 0.00cvss —epss 0.02
IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to…
- CVE-2014-0904Mar 26, 2014risk 0.00cvss —epss 0.03
The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file.
- CVE-2014-0848Mar 26, 2014risk 0.00cvss —epss 0.01
The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
- CVE-2013-3998Mar 26, 2014risk 0.00cvss —epss 0.01
CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
- CVE-2013-3997Mar 26, 2014risk 0.00cvss —epss 0.01
Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
- CVE-2013-3976Mar 26, 2014risk 0.00cvss —epss 0.01
The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox…
- CVE-2014-0887Mar 25, 2014risk 0.00cvss —epss 0.02
The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.
- CVE-2014-0886Mar 25, 2014risk 0.00cvss —epss 0.02
The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors.
- CVE-2014-0885Mar 25, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2014-0884Mar 25, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-5445Mar 25, 2014risk 0.00cvss —epss 0.01
IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key.
- CVE-2013-5444Mar 25, 2014risk 0.00cvss —epss 0.02
The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to read encrypted credentials via unspecified vectors.
- CVE-2013-5443Mar 25, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authentication of arbitrary users.
- CVE-2014-0879Mar 21, 2014risk 0.00cvss —epss 0.04
Stack-based buffer overflow in the Taskmaster Capture ActiveX control in IBM Datacap Taskmaster Capture 8.0.1, and 8.1 before FP2, allows remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2014-0829Mar 21, 2014risk 0.00cvss —epss 0.01
Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors.
- CVE-2013-6729Mar 21, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM QuickFile 1.0.0.0 before iFix 4 and 1.1.0.1 before iFix 3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
- CVE-2013-5401Mar 21, 2014risk 0.00cvss —epss 0.01
The command-port listener in IBM WebSphere MQ Internet Pass-Thru (MQIPT) 2.x before 2.1.0.1 allows remote attackers to cause a denial of service (remote-administration outage) via unspecified vectors.
- CVE-2014-0895Mar 16, 2014risk 0.00cvss —epss 0.04
Buffer overflow in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 3.0.1-IM-S3SAMPC-WIN32-FP001-IF02 allows remote attackers to execute arbitrary code via a crafted ComboList property value.
- CVE-2014-0873Mar 16, 2014risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before…
- CVE-2014-0850Mar 16, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Reference Data Management (RDM) Hub 10.1 and 11.0 before 11.0.0.0-MDM-IF008 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
- CVE-2013-4059Mar 16, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified interfaces.
- CVE-2013-4058Mar 16, 2014risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces.
- CVE-2013-4057Mar 16, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.
- CVE-2014-0899Mar 11, 2014risk 0.00cvss —epss 0.02
ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.
- CVE-2014-0890Mar 6, 2014risk 0.00cvss —epss 0.00
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive…
- CVE-2013-6315Mar 6, 2014risk 0.00cvss —epss 0.01
IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 do not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
- CVE-2013-6314Mar 6, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-6304Mar 6, 2014risk 0.00cvss —epss 0.01
Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file.
- CVE-2013-6333Mar 5, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject…
- CVE-2013-6331Mar 5, 2014risk 0.00cvss —epss 0.01
SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL…
Page 132 of 166