Vulnerabilities > IBM > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-12-06 | CVE-2014-3099 | Security vulnerability in IBM Systems Director: Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors. | 2.1 |
2014-11-26 | CVE-2014-6093 | Cross-Site Scripting vulnerability in IBM Websphere Portal 7.0.0.0/7.0.0.1/8.0.0.0: Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-11-18 | CVE-2014-4817 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager: The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename. | 2.1 |
2014-11-18 | CVE-2014-6110 | Improper Access Control vulnerability in IBM Security Identity Manager: IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. | 2.1 |
2014-11-08 | CVE-2014-6146 | Information Exposure vulnerability in IBM Sterling B2B Integrator 5.2.1/5.2.2/5.2.4: IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files. | 1.9 |
2014-11-08 | CVE-2014-6159 | Improper Input Validation vulnerability in IBM DB2: IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. | 3.5 |
2014-11-08 | CVE-2014-6161 | Cross-Site Scripting vulnerability in IBM Tivoli Netcool/Impact 6.1.1: Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact 6.1.1 before 6.1.1.1-TIV-NCI-IF0001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-10-31 | CVE-2014-6148 | Improper Authentication vulnerability in IBM Tivoli Application Dependency Discovery Manager: IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL. | 3.5 |
2014-10-31 | CVE-2014-6150 | Cross-Site Scripting vulnerability in IBM Tivoli Application Dependency Discovery Manager: Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-10-28 | CVE-2014-4814 | Resource Management Errors vulnerability in IBM Websphere Portal: IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 3.5 |