Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-11-18 | CVE-2013-3030 | Improper Input Validation vulnerability in IBM Cognos Business Intelligence | The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service (temporary gateway outage) via crafted HTTP requests. | 5.0 |
2013-11-13 | CVE-2013-5453 | Information Exposure vulnerability in IBM Security AppScan | IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted. | 3.5 |
2013-11-13 | CVE-2013-5450 | Credentials Management vulnerability in IBM Security AppScan | IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly protected URL to obtain a session token. | 4.0 |
2013-11-13 | CVE-2013-5442 | Cross-Site Scripting vulnerability in IBM products | Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-11-13 | CVE-2013-5379 | Cross-Site Scripting vulnerability in IBM WebSphere Portal | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality. | 3.5 |
2013-11-13 | CVE-2013-5378 | Cross-Site Scripting vulnerability in IBM WebSphere Portal 8.0.0.0/8.0.0.1 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration. | 3.5 |
2013-11-09 | CVE-2013-3985 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Sametime 8.5.2/8.5.2.1 | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable. | 2.9 |
2013-11-09 | CVE-2013-3045 | Improper Input Validation vulnerability in IBM Lotus Sametime 8.5.2/8.5.2.1 | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function. | 3.5 |
2013-11-09 | CVE-2013-3044 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Sametime 8.5.2/8.5.2.1 | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-attendance privileges. | 3.5 |
2013-11-09 | CVE-2013-0537 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Sametime 8.5.2/8.5.2.1 | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of shared links by leveraging meeting-attendance privileges. | 3.5 |