Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2013-12-14 CVE-2013-3043 Path Traversal vulnerability in IBM products
Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.
local
low complexity
ibm CWE-22
2.1
2013-12-14 CVE-2013-3042 Path Traversal vulnerability in IBM products
Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.
local
low complexity
ibm CWE-22
2.1
2013-12-10 CVE-2013-5404 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element.
network
ibm CWE-79
3.5
2013-12-10 CVE-2013-5447 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM Forms Viewer
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.
network
ibm CWE-119
6.8
2013-12-07 CVE-2013-5455 Permissions, Privileges, and Access Controls vulnerability in IBM SmartCloud Provisioning 2.1.0
IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems[#].delete command.
network
ibm CWE-264
4.9
2013-12-04 CVE-2013-5449 Cross-Site Scripting vulnerability in IBM FileNet Content Manager
Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2013-12-01 CVE-2013-6718 Cryptographic Issues vulnerability in IBM Advanced Management Module Firmware 3.64
The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface.
network
low complexity
ibm CWE-310
6.4
2013-11-29 CVE-2013-6307 Cross-Site Scripting vulnerability in IBM QRadar Security Information and Event Manager 7.0.0
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
2013-11-29 CVE-2013-5463 Permissions, Privileges, and Access Controls vulnerability in IBM QRadar Security Information and Event Manager 7.0.0/7.0.1/7.1.0
The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file.
network
ibm CWE-264
4.3
2013-11-29 CVE-2013-5448 Cross-Site Scripting vulnerability in IBM QRadar Security Information and Event Manager 7.1.0/7.2.0
Cross-site scripting (XSS) vulnerability in the Right Click Plugin context menus in IBM Security QRadar SIEM 7.1 and 7.2 before 7.2 MR1 Patch 1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5