Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-06-28 CVE-2014-6198 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Network Protection Firmware 5.3
Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users.
network
ibm CWE-352
6.8
2015-06-07 CVE-2015-0112 XML External Entity Injection vulnerability in Multiple IBM Products
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm
4.0
2015-06-07 CVE-2014-8887 Improper Input Validation vulnerability in IBM Marketing Operations
IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to upload arbitrary GIFAR files, and consequently modify data, via unspecified vectors.
network
low complexity
ibm CWE-20
4.0
2015-06-07 CVE-2014-6222 Path Traversal vulnerability in IBM Marketing Operations
Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a ..
network
low complexity
ibm CWE-22
4.0
2015-06-02 CVE-2015-1945 Remote Privilege Escalation vulnerability in IBM InfoSphere Reference Data Management
Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors.
network
low complexity
ibm
6.5
2015-05-25 CVE-2015-0180 Improper Access Control vulnerability in IBM Infosphere Information Server
The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified vectors.
network
low complexity
ibm CWE-284
5.5
2015-05-25 CVE-2015-0171 Path Traversal vulnerability in IBM Security Siteprotector System
Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors.
network
low complexity
ibm CWE-22
5.5
2015-05-25 CVE-2015-0169 Injection vulnerability in IBM Security Siteprotector System
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors.
network
low complexity
ibm CWE-74
4.0
2015-05-25 CVE-2015-0161 SQL Injection vulnerability in IBM Security Siteprotector System
SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5
2015-05-25 CVE-2015-0140 ActiveX Control Remote Code Execution vulnerability in IBM Spss Statistics 22.0
An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 on 32-bit platforms allows remote attackers to execute arbitrary code via a crafted HTML document.
network
ibm
6.8