Vendor CVEs
IBM
All CVEs
8,292 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-5387 | 0.00 | — | 0.01 | Nov 6, 2013 | Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request data. | |||
| CVE-2013-5431 | 0.00 | — | 0.01 | Nov 1, 2013 | Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8… | |||
| CVE-2013-5430 | 0.00 | — | 0.01 | Oct 28, 2013 | The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access to this component by leveraging this credential information in an environment… | |||
| CVE-2013-5424 | 0.00 | — | 0.01 | Oct 25, 2013 | IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account. | |||
| CVE-2013-3989 | 0.00 | — | 0.01 | Oct 25, 2013 | IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content. | |||
| CVE-2013-5389 | 0.00 | — | 0.01 | Oct 22, 2013 | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X. | |||
| CVE-2013-5388 | 0.00 | — | 0.01 | Oct 22, 2013 | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F. | |||
| CVE-2013-5446 | 0.00 | — | 0.02 | Oct 22, 2013 | The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. | |||
| CVE-2013-5428 | 0.00 | — | 0.02 | Oct 22, 2013 | IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2013-5372 | 0.00 | — | 0.03 | Oct 19, 2013 | The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers… | |||
| CVE-2013-5376 | 0.00 | — | 0.01 | Oct 17, 2013 | Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user. | |||
| CVE-2013-3025 | 0.00 | — | 0.01 | Oct 17, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-0500 | 0.00 | — | 0.01 | Oct 17, 2013 | IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or… | |||
| CVE-2013-5394 | 0.00 | — | 0.01 | Oct 16, 2013 | The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors. | |||
| CVE-2013-5393 | 0.00 | — | 0.01 | Oct 16, 2013 | The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. | |||
| CVE-2013-5390 | 0.00 | — | 0.01 | Oct 16, 2013 | Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4804 | 0.00 | — | 0.03 | Oct 13, 2013 | Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors. | |||
| CVE-2013-4056 | 0.00 | — | 0.01 | Oct 13, 2013 | Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2013-2366 | 0.00 | — | 0.03 | Oct 13, 2013 | Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors, aka ZDI-CAN-1802. | |||
| CVE-2013-0580 | 0.00 | — | 0.00 | Oct 10, 2013 | Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the authentication of arbitrary users. | |||
| CVE-2013-0579 | 0.00 | — | 0.01 | Oct 10, 2013 | The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote attackers to impersonate arbitrary users by leveraging access to a legitimate user's web browser either (1) before or (2) after authentication. | |||
| CVE-2013-0577 | 0.00 | — | 0.01 | Oct 10, 2013 | The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to bypass intended access restrictions and create, modify, or delete documents or scripts via unspecified vectors. | |||
| CVE-2013-5419 | 0.00 | — | 0.00 | Oct 4, 2013 | Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership. | |||
| CVE-2013-2964 | 0.00 | — | 0.00 | Oct 4, 2013 | Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain privileges via unspecified vectors. | |||
| CVE-2013-4067 | 0.00 | — | 0.01 | Oct 2, 2013 | IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors. | |||
| CVE-2013-4066 | 0.00 | — | 0.01 | Oct 2, 2013 | IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface. | |||
| CVE-2013-4032 | 0.00 | — | 0.02 | Oct 2, 2013 | The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote attackers to cause a denial of service via vectors involving arbitrary data. | |||
| CVE-2013-5395 | 0.00 | — | 0.02 | Oct 1, 2013 | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||
| CVE-2013-5383 | 0.00 | — | 0.01 | Oct 1, 2013 | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382. | |||
| CVE-2013-5382 | 0.00 | — | 0.01 | Oct 1, 2013 | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383. | |||
| CVE-2013-5381 | 0.00 | — | 0.01 | Oct 1, 2013 | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. | |||
| CVE-2013-5380 | 0.00 | — | 0.00 | Oct 1, 2013 | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-4027 | 0.00 | — | 0.01 | Oct 1, 2013 | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||
| CVE-2013-4021 | 0.00 | — | 0.01 | Oct 1, 2013 | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors. | |||
| CVE-2013-4020 | 0.00 | — | 0.01 | Oct 1, 2013 | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||
| CVE-2013-4019 | 0.00 | — | 0.01 | Oct 1, 2013 | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4018 | 0.00 | — | 0.01 | Oct 1, 2013 | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-4017 | 0.00 | — | 0.01 | Oct 1, 2013 | SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4014 | 0.00 | — | 0.01 | Oct 1, 2013 | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4013 | 0.00 | — | 0.01 | Oct 1, 2013 | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-3973 | 0.00 | — | 0.01 | Oct 1, 2013 | SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-3972 | 0.00 | — | 0.01 | Oct 1, 2013 | IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-3971 | 0.00 | — | 0.01 | Oct 1, 2013 | IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3049. | |||
| CVE-2013-3049 | 0.00 | — | 0.01 | Oct 1, 2013 | IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3971. | |||
| CVE-2013-3048 | 0.00 | — | 0.01 | Oct 1, 2013 | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-3047 | 0.00 | — | 0.01 | Oct 1, 2013 | IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors. | |||
| CVE-2013-0451 | 0.00 | — | 0.01 | Oct 1, 2013 | SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-3323 | 0.00 | — | 0.01 | Oct 1, 2013 | IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors. | |||
| CVE-2013-5370 | 0.00 | — | 0.04 | Oct 1, 2013 | Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-4042. | |||
| CVE-2013-4042 | 0.00 | — | 0.04 | Oct 1, 2013 | Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-5370. |
- CVE-2013-5387Nov 6, 2013risk 0.00cvss —epss 0.01
Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request data.
- CVE-2013-5431Nov 1, 2013risk 0.00cvss —epss 0.01
Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8…
- CVE-2013-5430Oct 28, 2013risk 0.00cvss —epss 0.01
The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access to this component by leveraging this credential information in an environment…
- CVE-2013-5424Oct 25, 2013risk 0.00cvss —epss 0.01
IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account.
- CVE-2013-3989Oct 25, 2013risk 0.00cvss —epss 0.01
IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content.
- CVE-2013-5389Oct 22, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X.
- CVE-2013-5388Oct 22, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F.
- CVE-2013-5446Oct 22, 2013risk 0.00cvss —epss 0.02
The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors.
- CVE-2013-5428Oct 22, 2013risk 0.00cvss —epss 0.02
IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors.
- CVE-2013-5372Oct 19, 2013risk 0.00cvss —epss 0.03
The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers…
- CVE-2013-5376Oct 17, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user.
- CVE-2013-3025Oct 17, 2013risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-0500Oct 17, 2013risk 0.00cvss —epss 0.01
IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or…
- CVE-2013-5394Oct 16, 2013risk 0.00cvss —epss 0.01
The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors.
- CVE-2013-5393Oct 16, 2013risk 0.00cvss —epss 0.01
The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors.
- CVE-2013-5390Oct 16, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-4804Oct 13, 2013risk 0.00cvss —epss 0.03
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors.
- CVE-2013-4056Oct 13, 2013risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.
- CVE-2013-2366Oct 13, 2013risk 0.00cvss —epss 0.03
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors, aka ZDI-CAN-1802.
- CVE-2013-0580Oct 10, 2013risk 0.00cvss —epss 0.00
Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the authentication of arbitrary users.
- CVE-2013-0579Oct 10, 2013risk 0.00cvss —epss 0.01
The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote attackers to impersonate arbitrary users by leveraging access to a legitimate user's web browser either (1) before or (2) after authentication.
- CVE-2013-0577Oct 10, 2013risk 0.00cvss —epss 0.01
The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to bypass intended access restrictions and create, modify, or delete documents or scripts via unspecified vectors.
- CVE-2013-5419Oct 4, 2013risk 0.00cvss —epss 0.00
Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.
- CVE-2013-2964Oct 4, 2013risk 0.00cvss —epss 0.00
Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain privileges via unspecified vectors.
- CVE-2013-4067Oct 2, 2013risk 0.00cvss —epss 0.01
IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors.
- CVE-2013-4066Oct 2, 2013risk 0.00cvss —epss 0.01
IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface.
- CVE-2013-4032Oct 2, 2013risk 0.00cvss —epss 0.02
The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote attackers to cause a denial of service via vectors involving arbitrary data.
- CVE-2013-5395Oct 1, 2013risk 0.00cvss —epss 0.02
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors.
- CVE-2013-5383Oct 1, 2013risk 0.00cvss —epss 0.01
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382.
- CVE-2013-5382Oct 1, 2013risk 0.00cvss —epss 0.01
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383.
- CVE-2013-5381Oct 1, 2013risk 0.00cvss —epss 0.01
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
- CVE-2013-5380Oct 1, 2013risk 0.00cvss —epss 0.00
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors.
- CVE-2013-4027Oct 1, 2013risk 0.00cvss —epss 0.01
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
- CVE-2013-4021Oct 1, 2013risk 0.00cvss —epss 0.01
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors.
- CVE-2013-4020Oct 1, 2013risk 0.00cvss —epss 0.01
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
- CVE-2013-4019Oct 1, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-4018Oct 1, 2013risk 0.00cvss —epss 0.01
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
- CVE-2013-4017Oct 1, 2013risk 0.00cvss —epss 0.01
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2013-4014Oct 1, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-4013Oct 1, 2013risk 0.00cvss —epss 0.01
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.
- CVE-2013-3973Oct 1, 2013risk 0.00cvss —epss 0.01
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
- CVE-2013-3972Oct 1, 2013risk 0.00cvss —epss 0.01
IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
- CVE-2013-3971Oct 1, 2013risk 0.00cvss —epss 0.01
IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3049.
- CVE-2013-3049Oct 1, 2013risk 0.00cvss —epss 0.01
IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3971.
- CVE-2013-3048Oct 1, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-3047Oct 1, 2013risk 0.00cvss —epss 0.01
IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors.
- CVE-2013-0451Oct 1, 2013risk 0.00cvss —epss 0.01
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
- CVE-2012-3323Oct 1, 2013risk 0.00cvss —epss 0.01
IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors.
- CVE-2013-5370Oct 1, 2013risk 0.00cvss —epss 0.04
Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-4042.
- CVE-2013-4042Oct 1, 2013risk 0.00cvss —epss 0.04
Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-5370.
Page 136 of 166