Vulnerabilities > IBM > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2015-05-25 | CVE-2015-0169 | Injection vulnerability in IBM Security SiteProtector System | IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors. | network, low complexity, ibm, CWE-74 | 4.0 |
| 2015-05-25 | CVE-2015-0161 | SQL Injection vulnerability in IBM Security SiteProtector System | SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | network, low complexity, ibm, CWE-89 | 6.5 |
| 2015-05-25 | CVE-2015-0140 | ActiveX Control Remote Code Execution vulnerability in IBM SPSS Statistics 22.0 | An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 on 32-bit platforms allows remote attackers to execute arbitrary code via a crafted HTML document. | network, ibm | 6.8 |
| 2015-05-25 | CVE-2014-8927 | Resource Management Errors vulnerability in IBM products | Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manager for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926. | network, low complexity, ibm, CWE-399 | 5.0 |
| 2015-05-25 | CVE-2014-8926 | Resource Management Errors vulnerability in IBM products | Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manager for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8927. | network, low complexity, ibm, CWE-399 | 5.0 |
| 2015-05-25 | CVE-2014-6190 | Information Exposure vulnerability in IBM Workload Deployer | The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remote attackers to obtain sensitive information via a direct request for the URL of a log document. | network, low complexity, ibm, CWE-200 | 5.0 |
| 2015-05-25 | CVE-2014-4778 | Improper Input Validation vulnerability in IBM Endpoint Manager Family and License Metric Tool | IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element. | network, ibm, CWE-20 | 4.3 |
| 2015-05-25 | CVE-2014-4774 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Endpoint Manager Family and License Metric Tool | Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME element. | network, ibm, CWE-352 | 6.8 |
| 2015-05-25 | CVE-2015-1921 | Open Redirection vulnerability in IBM WebSphere Portal 8.0.0.0/8.0.0.1/8.5.0.0 | Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | network, low complexity, ibm | 6.4 |
| 2015-05-25 | CVE-2015-1915 | Information Exposure vulnerability in IBM Endpoint Manager Family 9.0.1/9.1.0 | The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | network, ibm, CWE-200 | 4.3 |