Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2014-05-26 CVE-2013-2998 Information Exposure vulnerability in IBM Maximo Asset Management and Smartcloud Control Desk
frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code.
network
ibm CWE-200
3.5
3.5
2014-05-26 CVE-2013-3984 Information Exposure vulnerability in IBM Sametime
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. 		2.9
2.9
2014-05-26 CVE-2014-3014 Cross-Site Scripting vulnerability in IBM Sametime
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2014-05-09 CVE-2014-0945 Cross-Site Scripting vulnerability in IBM Operational Decision Manager 7.5/8.0/8.5
Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2014-05-07 CVE-2013-6726 Cross-Site Scripting vulnerability in IBM Tririga Application Platform
Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
3.5
2014-05-01 CVE-2013-6323 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2014-05-01 CVE-2014-0941 Cross-Site Scripting vulnerability in IBM Tivoli Netcool/Omnibus 7.4.0
Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0942.
network
ibm CWE-79
3.5
3.5
2014-05-01 CVE-2014-0942 Cross-Site Scripting vulnerability in IBM Tivoli Netcool/Omnibus 7.4.0
Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0941.
network
ibm CWE-79
3.5
3.5
2014-04-21 CVE-2014-0932 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2014-04-16 CVE-2014-2398 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. 3.5
3.5