Vulnerabilities > IBM > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-12-23 | CVE-2014-6121 | Cross-Site Scripting vulnerability in IBM Security Appscan and Security Appscan Source Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
| 2014-12-22 | CVE-2014-8897 | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8898 and CVE-2014-8899. | 3.5 |
| 2014-12-22 | CVE-2014-8898 | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8897 and CVE-2014-8899. | 3.5 |
| 2014-12-22 | CVE-2014-8899 | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8897 and CVE-2014-8898. | 3.5 |
| 2014-12-19 | CVE-2014-4801 | Cross-Site Scripting vulnerability in IBM Rational Quality Manager Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
| 2014-12-19 | CVE-2014-6173 | Cross-Site Scripting vulnerability in IBM Business Process Manager Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
| 2014-12-12 | CVE-2014-6145 | Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence 10.1 before IF10, 10.1.1 before IF9, 10.2 before IF11, 10.2.1 before IF8, and 10.2.1.1 before IF7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
| 2014-12-11 | CVE-2014-6215 | Cross-Site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 before 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
| 2014-12-11 | CVE-2014-6143 | Information Exposure vulnerability in IBM Websphere Datapower Xc10 Appliance Firmware 2.1.0.0/2.5.0.0 The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows local users to obtain sensitive information by reading a response. | 2.1 |
| 2014-12-11 | CVE-2014-6163 | Cross-Site Scripting vulnerability in IBM Websphere Datapower Xc10 Appliance Firmware 2.1.0.0/2.5.0.0 Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |