Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-08-09 | CVE-2013-3032 | Cross-Site Scripting vulnerability in IBM Lotus Domino Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA. | 4.3 |
| 2013-08-09 | CVE-2013-3027 | Numeric Errors vulnerability in IBM Lotus Domino 9.0.0.0 Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW. | 9.3 |
| 2013-08-06 | CVE-2013-3996 | Improper Input Validation vulnerability in IBM Infosphere Biginsights IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site. | 4.9 |
| 2013-08-06 | CVE-2013-3995 | Cross-Site Scripting vulnerability in IBM Infosphere Biginsights Cross-site scripting (XSS) vulnerability in IBM InfoSphere BigInsights 1.1 through 2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2013-08-06 | CVE-2013-3992 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Biginsights 2.0.0.0/2.1.0.0 Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere BigInsights 2.0 through 2.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 6.0 |
| 2013-08-01 | CVE-2013-2994 | Improper Input Validation vulnerability in IBM Websphere Commerce 7.0 IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors. | 6.4 |
| 2013-08-01 | CVE-2013-2993 | Improper Authentication vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors. | 5.8 |
| 2013-07-29 | CVE-2013-3033 | SQL Injection vulnerability in IBM Tivoli Remote Control 5.1.2 SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
| 2013-07-25 | CVE-2013-3999 | Cross-Site Scripting vulnerability in IBM Social Media Analytics 1.2.0.0 Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-07-25 | CVE-2013-3979 | Cross-Site Scripting vulnerability in IBM Star Command Center Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\Content\Help\ in the Web Client in IBM Cognos Command Center (aka Star Command Center or Star Analytics) before 10.1, when Internet Explorer is used, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |