Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2013-04-12 CVE-2013-0501 Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Disclosure Management 10.2.0
The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this program, via a crafted web site.
network
ibm CWE-264
critical
9.3
2013-04-12 CVE-2012-5937 Remote Command Execution vulnerability in IBM Sterling B2B Integrator
Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors.
network
ibm
critical
9.3
2013-04-07 CVE-2012-0706 Permissions, Privileges, and Access Controls vulnerability in IBM Scale Out Network Attached Storage 1.3
IBM Scale Out Network Attached Storage (SONAS) 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to obtain sensitive server information by leveraging root access to a client machine.
network
ibm CWE-264
3.5
2013-04-05 CVE-2013-0483 Cryptographic Issues vulnerability in IBM IMS Enterprise Suite 1.1/2.1/2.2
The login component in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 uses cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
ibm CWE-310
5.0
2013-04-05 CVE-2013-0470 Configuration vulnerability in IBM Netezza Performance Portal 1.0.2
HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by listing image files.
network
low complexity
ibm CWE-16
4.0
2013-04-01 CVE-2013-0502 Cross-Site Scripting vulnerability in IBM InfoSphere Information Server
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL.
network
ibm CWE-79
4.3
2013-04-01 CVE-2012-4861 Permissions, Privileges, and Access Controls vulnerability in IBM InfoSphere Replication Server
The web server in InfoSphere Data Replication Dashboard in IBM InfoSphere Replication Server 9.7 and 10.1 through 10.1.0.4 allows remote authenticated users to list directories via a direct request for a directory URL.
network
low complexity
ibm CWE-264
4.0
2013-03-29 CVE-2013-0532 Cross-Site Request Forgery (CSRF) vulnerability in IBM Rational Policy Tester and Security AppScan
Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP data.
network
ibm CWE-352
6.8
2013-03-29 CVE-2013-0513 Local Privilege Escalation vulnerability in Multiple IBM Products
IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program, related to an "Unquoted Service Path Enumeration" vulnerability.
local
low complexity
ibm
7.2
2013-03-29 CVE-2013-0512 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM Rational Policy Tester and Security AppScan
Stack-based buffer overflow in the Manual Explore browser plug-in for Firefox in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to cause a denial of service (plug-in crash) via a crafted web page.
network
ibm CWE-119
4.3