Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-03-29 | CVE-2013-0511 | SQL Injection vulnerability in IBM Security Appscan | Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters. | 6.5 |
2013-03-29 | CVE-2013-0510 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Appscan | IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test account by capturing these cookies. | 4.3 |
2013-03-29 | CVE-2013-0474 | Information Exposure vulnerability in IBM Rational Policy Tester and Security Appscan | The Manual Explore browser plug-in in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to discover test Platform Authentication credentials via a crafted web site. | 4.3 |
2013-03-29 | CVE-2013-0473 | Cross-Site Scripting vulnerability in IBM Rational Policy Tester and Security Appscan | Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to inject arbitrary web script or HTML via a crafted report. | 4.3 |
2013-03-29 | CVE-2013-0452 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Software USE Analysis and Tivoli Endpoint Manager | Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages. | 6.8 |
2013-03-27 | CVE-2013-0489 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Lotus Domino | Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators. | 6.0 |
2013-03-27 | CVE-2013-0488 | Cross-Site Scripting vulnerability in IBM Lotus Domino | Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-03-27 | CVE-2013-0487 | Improper Authentication vulnerability in IBM Lotus Domino | The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN. | 8.5 |
2013-03-27 | CVE-2013-0486 | Resource Management Errors vulnerability in IBM Lotus Domino | Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY. | 4.3 |
2013-03-26 | CVE-2013-0525 | Cross-Site Scripting vulnerability in IBM Lotus Inotes | Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX. | 1.5 |