Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2013-05-02 CVE-2013-0582 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response.
network
ibm CWE-79
4.3
2013-05-02 CVE-2013-0535 Cross-Site Scripting vulnerability in IBM Classic Meeting Server and Lotus Sametime
Multiple cross-site scripting (XSS) vulnerabilities in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
2013-05-01 CVE-2013-0538 Cross-Site Scripting vulnerability in IBM Lotus Notes
Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49.
network
ibm CWE-79
4.3
2013-05-01 CVE-2013-0127 Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Notes
IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and JMOY95BN49.
network
ibm CWE-264
5.8
2013-04-30 CVE-2012-5947 Buffer Errors vulnerability in IBM Spss Samplepower 3.0.0.0
Buffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via unspecified vectors.
network
ibm CWE-119
critical
9.3
2013-04-30 CVE-2012-5946 Buffer Errors vulnerability in IBM Spss Samplepower 3.0.0.0
Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string.
network
ibm CWE-119
critical
9.3
2013-04-30 CVE-2012-5945 Buffer Errors vulnerability in IBM Spss Samplepower 3.0.0.0
Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allow remote attackers to execute arbitrary code via a long (1) ComboList or (2) ColComboList property value.
network
ibm CWE-119
critical
9.3
2013-04-28 CVE-2013-0553 Command Execution vulnerability in IBM Sametime Clients
The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to individual chat users, or to all participants in a chat room, via a crafted Sametime Instant Message (IM).
network
ibm
3.5
2013-04-28 CVE-2013-0533 Cross-Site Scripting vulnerability in IBM Lotus Sametime
Cross-site scripting (XSS) vulnerability in the Sametime Links server in IBM Sametime 8.0.2 through 8.5.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
2013-04-27 CVE-2013-0593 Unspecified vulnerability in IBM Spss Samplepower 3.0.0.0
Unspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS SamplePower 3.0 before 3.0-IM-S3SAMPC-WIN32-FP001 allows remote attackers to execute arbitrary code via unknown vectors.
network
ibm
critical
9.3