Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-12-04 | CVE-2013-5449 | Cross-Site Scripting vulnerability in IBM Filenet Content Manager Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-12-01 | CVE-2013-6718 | Cryptographic Issues vulnerability in IBM Advanced Management Module Firmware 3.64 The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface. | 6.4 |
2013-11-29 | CVE-2013-6307 | Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.0.0 Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2013-11-29 | CVE-2013-5463 | Permissions, Privileges, and Access Controls vulnerability in IBM Qradar Security Information and Event Manager 7.0.0/7.0.1/7.1.0 The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file. | 4.3 |
2013-11-29 | CVE-2013-5448 | Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 Cross-site scripting (XSS) vulnerability in the Right Click Plugin context menus in IBM Security QRadar SIEM 7.1 and 7.2 before 7.2 MR1 Patch 1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2013-11-28 | CVE-2013-6322 | Cross-Site Scripting vulnerability in IBM Sterling Selling and Fulfillment Foundation 8.0/8.5 Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2013-11-27 | CVE-2013-4036 | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 FP13, and IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP7 and 11.0 before FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2013-11-24 | CVE-2013-5458 | Arbitrary Code Execution vulnerability in IBM Java 7.0.0.0 Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2013-11-24 | CVE-2013-5457 | Arbitrary Code Execution vulnerability in IBM Java 6.0.0.0/6.0.1.0/7.0.0.0 Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2013-11-24 | CVE-2013-5456 | Arbitrary Code Execution vulnerability in IBM Java 7.0.0.0 The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block. | 9.3 |