Vendor CVEs
IBM
All CVEs
8,290 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-6304 | 0.00 | — | 0.01 | Mar 6, 2014 | Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file. | |||
| CVE-2013-6333 | 0.00 | — | 0.01 | Mar 5, 2014 | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject… | |||
| CVE-2013-6331 | 0.00 | — | 0.01 | Mar 5, 2014 | SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL… | |||
| CVE-2013-6320 | 0.00 | — | 0.01 | Mar 5, 2014 | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject… | |||
| CVE-2013-6319 | 0.00 | — | 0.01 | Mar 5, 2014 | IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to bypass intended access restrictions and read content via… | |||
| CVE-2013-6318 | 0.00 | — | 0.01 | Mar 5, 2014 | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote attackers to inject arbitrary web… | |||
| CVE-2013-6303 | 0.00 | — | 0.01 | Mar 5, 2014 | Directory traversal vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to read arbitrary files… | |||
| CVE-2013-6302 | 0.00 | — | 0.01 | Mar 5, 2014 | SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL… | |||
| CVE-2013-6301 | 0.00 | — | 0.01 | Mar 5, 2014 | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject… | |||
| CVE-2013-6300 | 0.00 | — | 0.01 | Mar 5, 2014 | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject… | |||
| CVE-2013-6299 | 0.00 | — | 0.01 | Mar 5, 2014 | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject… | |||
| CVE-2013-5468 | 0.00 | — | 0.01 | Mar 5, 2014 | IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt login requests, which allows remote attackers to obtain sensitive information… | |||
| CVE-2014-0846 | 0.00 | — | 0.01 | Mar 4, 2014 | Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2014-0845 | 0.00 | — | 0.01 | Mar 4, 2014 | Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a… | |||
| CVE-2014-0844 | 0.00 | — | 0.01 | Mar 4, 2014 | Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors. | |||
| CVE-2013-6730 | 0.00 | — | 0.02 | Mar 4, 2014 | IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by… | |||
| CVE-2014-0862 | 0.00 | — | 0.04 | Mar 2, 2014 | Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2013-4054 | 0.00 | — | 0.02 | Mar 2, 2014 | Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI. | |||
| CVE-2014-0874 | 0.00 | — | 0.01 | Feb 28, 2014 | Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter. | |||
| CVE-2014-0858 | 0.00 | — | 0.01 | Feb 27, 2014 | IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. | |||
| CVE-2013-6731 | 0.00 | — | 0.01 | Feb 26, 2014 | IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request. | |||
| CVE-2014-0853 | 0.00 | — | 0.01 | Feb 26, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via… | |||
| CVE-2014-0843 | 0.00 | — | 0.01 | Feb 26, 2014 | Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file. | |||
| CVE-2014-0842 | 0.00 | — | 0.01 | Feb 26, 2014 | The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code. | |||
| CVE-2014-0840 | 0.00 | — | 0.01 | Feb 26, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-0839 | 0.00 | — | 0.01 | Feb 26, 2014 | IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference. | |||
| CVE-2014-0861 | 0.00 | — | 0.01 | Feb 22, 2014 | Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an… | |||
| CVE-2014-0854 | 0.00 | — | 0.02 | Feb 22, 2014 | The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in… | |||
| CVE-2013-6734 | 0.00 | — | 0.01 | Feb 22, 2014 | IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container. | |||
| CVE-2013-6732 | 0.00 | — | 0.01 | Feb 22, 2014 | Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an… | |||
| CVE-2013-6743 | 0.00 | — | 0.01 | Feb 14, 2014 | Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element. | |||
| CVE-2013-6742 | 0.00 | — | 0.01 | Feb 14, 2014 | The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||
| CVE-2013-3988 | 0.00 | — | 0.01 | Feb 14, 2014 | The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2013-3983 | 0.00 | — | 0.01 | Feb 14, 2014 | The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors. | |||
| CVE-2013-3978 | 0.00 | — | 0.01 | Feb 14, 2014 | The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended… | |||
| CVE-2014-0855 | 0.00 | — | 0.01 | Feb 14, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6722 | 0.00 | — | 0.01 | Feb 14, 2014 | Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors. | |||
| CVE-2013-6728 | 0.00 | — | 0.01 | Feb 14, 2014 | The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1.5 and 7.0.1 allows remote attackers to view or delete image files by leveraging incorrect security constraints for a temporary directory. | |||
| CVE-2013-5400 | 0.00 | — | 0.02 | Feb 14, 2014 | An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors. | |||
| CVE-2014-0822 | 0.00 | — | 0.02 | Feb 6, 2014 | The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z. | |||
| CVE-2013-6332 | 0.00 | — | 0.02 | Feb 6, 2014 | Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 through 5.0.0 allows remote authenticated users to execute arbitrary code by uploading a .jsp file and then launching it. | |||
| CVE-2013-2962 | 0.00 | — | 0.00 | Feb 6, 2014 | Buffer overflow in the Launcher in IBM WebSphere Transformation Extender 8.4.x before 8.4.0.4 allows local users to cause a denial of service (process crash or Admin Console command-stream outage) via unspecified vectors. | |||
| CVE-2014-0834 | 0.00 | — | 0.01 | Feb 4, 2014 | IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attackers to cause a denial of service (daemon crash) via crafted arguments to a setuid program. | |||
| CVE-2013-5427 | 0.00 | — | 0.01 | Feb 4, 2014 | Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote attackers to hijack the… | |||
| CVE-2014-0833 | 0.00 | — | 0.01 | Feb 1, 2014 | The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step. | |||
| CVE-2014-0832 | 0.00 | — | 0.01 | Feb 1, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted text value. | |||
| CVE-2014-0831 | 0.00 | — | 0.01 | Feb 1, 2014 | Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data. | |||
| CVE-2014-0830 | 0.00 | — | 0.01 | Feb 1, 2014 | Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname. | |||
| CVE-2013-6724 | 0.00 | — | 0.03 | Feb 1, 2014 | Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote attackers to execute arbitrary code via a crafted ComboList property value. | |||
| CVE-2013-4043 | 0.00 | — | 0.01 | Feb 1, 2014 | The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request. |
- CVE-2013-6304Mar 6, 2014risk 0.00cvss —epss 0.01
Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file.
- CVE-2013-6333Mar 5, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject…
- CVE-2013-6331Mar 5, 2014risk 0.00cvss —epss 0.01
SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL…
- CVE-2013-6320Mar 5, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject…
- CVE-2013-6319Mar 5, 2014risk 0.00cvss —epss 0.01
IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to bypass intended access restrictions and read content via…
- CVE-2013-6318Mar 5, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote attackers to inject arbitrary web…
- CVE-2013-6303Mar 5, 2014risk 0.00cvss —epss 0.01
Directory traversal vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to read arbitrary files…
- CVE-2013-6302Mar 5, 2014risk 0.00cvss —epss 0.01
SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL…
- CVE-2013-6301Mar 5, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject…
- CVE-2013-6300Mar 5, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject…
- CVE-2013-6299Mar 5, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject…
- CVE-2013-5468Mar 5, 2014risk 0.00cvss —epss 0.01
IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt login requests, which allows remote attackers to obtain sensitive information…
- CVE-2014-0846Mar 4, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
- CVE-2014-0845Mar 4, 2014risk 0.00cvss —epss 0.01
Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a…
- CVE-2014-0844Mar 4, 2014risk 0.00cvss —epss 0.01
Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors.
- CVE-2013-6730Mar 4, 2014risk 0.00cvss —epss 0.02
IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by…
- CVE-2014-0862Mar 2, 2014risk 0.00cvss —epss 0.04
Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2013-4054Mar 2, 2014risk 0.00cvss —epss 0.02
Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI.
- CVE-2014-0874Feb 28, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter.
- CVE-2014-0858Feb 27, 2014risk 0.00cvss —epss 0.01
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL.
- CVE-2013-6731Feb 26, 2014risk 0.00cvss —epss 0.01
IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request.
- CVE-2014-0853Feb 26, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via…
- CVE-2014-0843Feb 26, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.
- CVE-2014-0842Feb 26, 2014risk 0.00cvss —epss 0.01
The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.
- CVE-2014-0840Feb 26, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2014-0839Feb 26, 2014risk 0.00cvss —epss 0.01
IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference.
- CVE-2014-0861Feb 22, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an…
- CVE-2014-0854Feb 22, 2014risk 0.00cvss —epss 0.02
The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in…
- CVE-2013-6734Feb 22, 2014risk 0.00cvss —epss 0.01
IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container.
- CVE-2013-6732Feb 22, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an…
- CVE-2013-6743Feb 14, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element.
- CVE-2013-6742Feb 14, 2014risk 0.00cvss —epss 0.01
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
- CVE-2013-3988Feb 14, 2014risk 0.00cvss —epss 0.01
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
- CVE-2013-3983Feb 14, 2014risk 0.00cvss —epss 0.01
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors.
- CVE-2013-3978Feb 14, 2014risk 0.00cvss —epss 0.01
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended…
- CVE-2014-0855Feb 14, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-6722Feb 14, 2014risk 0.00cvss —epss 0.01
Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors.
- CVE-2013-6728Feb 14, 2014risk 0.00cvss —epss 0.01
The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1.5 and 7.0.1 allows remote attackers to view or delete image files by leveraging incorrect security constraints for a temporary directory.
- CVE-2013-5400Feb 14, 2014risk 0.00cvss —epss 0.02
An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors.
- CVE-2014-0822Feb 6, 2014risk 0.00cvss —epss 0.02
The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z.
- CVE-2013-6332Feb 6, 2014risk 0.00cvss —epss 0.02
Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 through 5.0.0 allows remote authenticated users to execute arbitrary code by uploading a .jsp file and then launching it.
- CVE-2013-2962Feb 6, 2014risk 0.00cvss —epss 0.00
Buffer overflow in the Launcher in IBM WebSphere Transformation Extender 8.4.x before 8.4.0.4 allows local users to cause a denial of service (process crash or Admin Console command-stream outage) via unspecified vectors.
- CVE-2014-0834Feb 4, 2014risk 0.00cvss —epss 0.01
IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attackers to cause a denial of service (daemon crash) via crafted arguments to a setuid program.
- CVE-2013-5427Feb 4, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote attackers to hijack the…
- CVE-2014-0833Feb 1, 2014risk 0.00cvss —epss 0.01
The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step.
- CVE-2014-0832Feb 1, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted text value.
- CVE-2014-0831Feb 1, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data.
- CVE-2014-0830Feb 1, 2014risk 0.00cvss —epss 0.01
Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname.
- CVE-2013-6724Feb 1, 2014risk 0.00cvss —epss 0.03
Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote attackers to execute arbitrary code via a crafted ComboList property value.
- CVE-2013-4043Feb 1, 2014risk 0.00cvss —epss 0.01
The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request.
Page 133 of 166