Vulnerabilities > IBM > Infosphere Optim Data Growth for Oracle E-Business Suite > 6.5.0

DATE CVE VULNERABILITY TITLE RISK
2013-10-10 CVE-2013-0580 Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite
Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the authentication of arbitrary users.
4.9
2013-10-10 CVE-2013-0579 Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite
The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote attackers to impersonate arbitrary users by leveraging access to a legitimate user's web browser either (1) before or (2) after authentication.
4.3
2013-10-10 CVE-2013-0577 Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite
The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to bypass intended access restrictions and create, modify, or delete documents or scripts via unspecified vectors.
low complexity
ibm CWE-264
5.2
2013-05-27 CVE-2013-2959 Credentials Management vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite
The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
ibm CWE-255
5.0
2013-05-27 CVE-2013-2957 Cross-Site Scripting vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
2013-05-27 CVE-2013-2956 SQL Injection vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite
SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
7.5
2013-05-27 CVE-2013-2955 Cross-Site Scripting vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, related to a stored XSS issue.
network
ibm CWE-79
3.5
2013-05-27 CVE-2013-2954 Improper Authentication vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite
The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
low complexity
ibm CWE-287
5.0
2013-05-27 CVE-2013-2953 Cryptographic Issues vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite
IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
network
ibm CWE-310
4.3