Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2014-02-26 CVE-2014-0853 Cross-Site Scripting vulnerability in IBM Rational Focal Point
Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Access: network | Vendor: ibm | CWE-79 | Risk: 3.5
2014-02-22 CVE-2013-6734 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Extreme Scale Client
IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container.
Access: network | Vendor: ibm | CWE-264 | Risk: 3.5
2014-02-22 CVE-2014-0861 Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is not properly handled during use of the Back button.
Access: network | Vendor: ibm | CWE-79 | Risk: 3.5
2014-02-14 CVE-2013-6743 Cross-Site Scripting vulnerability in IBM Sametime
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element.
Access: network | Vendor: ibm | CWE-79 | Risk: 3.5
2014-02-01 CVE-2014-0832 Cross-Site Scripting vulnerability in IBM Financial Transaction Manager 2.0.0.0/2.0.0.1/2.0.0.2
Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted text value.
Access: network | Vendor: ibm | CWE-79 | Risk: 3.5
2014-01-23 CVE-2013-5371 Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager 6.3.1/6.4.0
The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
Access: local | Complexity: low | Vendor: ibm | CWE-264 | Risk: 2.1
2014-01-21 CVE-2013-5429 Improper Authentication vulnerability in IBM Tivoli Federated Identity Manager
The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.
Access: network | Complexity: high | Vendor: ibm | CWE-287 | Risk: 2.1
2014-01-16 CVE-2013-6330 Information Exposure vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.
Access: network | Vendor: ibm | CWE-200 | Risk: 3.5
2014-01-16 CVE-2013-6725 Cross-Site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.
Access: network | Vendor: ibm | CWE-79 | Risk: 3.5
2013-12-23 CVE-2013-5420 Permissions, Privileges, and Access Controls vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2
The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request.
Access: network | Vendor: ibm | CWE-264 | Risk: 3.5