Vulnerabilities > IBM

DATE | CVE | VULNERABILITY TITLE | RISK

2013-12-04 | CVE-2013-5449 | Cross-Site Scripting vulnerability in IBM FileNet Content Manager | 4.3
Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, ibm, CWE-79

2013-12-01 | CVE-2013-6718 | Cryptographic Issues vulnerability in IBM Advanced Management Module Firmware 3.64 | 6.4
The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface.
network, low complexity, ibm, CWE-310

2013-11-29 | CVE-2013-6307 | Cross-Site Scripting vulnerability in IBM QRadar Security Information and Event Manager 7.0.0 | 3.5
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network, ibm, CWE-79

2013-11-29 | CVE-2013-5463 | Permissions, Privileges, and Access Controls vulnerability in IBM QRadar Security Information and Event Manager 7.0.0/7.0.1/7.1.0 | 4.3
The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file.
network, ibm, CWE-264

2013-11-29 | CVE-2013-5448 | Cross-Site Scripting vulnerability in IBM QRadar Security Information and Event Manager 7.1.0/7.2.0 | 3.5
Cross-site scripting (XSS) vulnerability in the Right Click Plugin context menus in IBM Security QRadar SIEM 7.1 and 7.2 before 7.2 MR1 Patch 1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network, ibm, CWE-79

2013-11-28 | CVE-2013-6322 | Cross-Site Scripting vulnerability in IBM Sterling Selling and Fulfillment Foundation 8.0/8.5 | 3.5
Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network, ibm, CWE-79

2013-11-27 | CVE-2013-4036 | Cross-Site Scripting vulnerability in IBM products | 3.5
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 FP13, and IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP7 and 11.0 before FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network, ibm, CWE-79

2013-11-24 | CVE-2013-5458 | Arbitrary Code Execution vulnerability in IBM Java 7.0.0.0 | critical, 9.3
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors.
network, ibm

2013-11-24 | CVE-2013-5457 | Arbitrary Code Execution vulnerability in IBM Java 6.0.0.0/6.0.1.0/7.0.0.0 | critical, 9.3
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors.
network, ibm

2013-11-24 | CVE-2013-5456 | Arbitrary Code Execution vulnerability in IBM Java 7.0.0.0 | critical, 9.3
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.
network, ibm