Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-05-25 CVE-2014-8927 Resource Management Errors vulnerability in IBM products
Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926.
network
low complexity
ibm CWE-399
5.0
2015-05-25 CVE-2014-8926 Resource Management Errors vulnerability in IBM products
Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8927.
network
low complexity
ibm CWE-399
5.0
2015-05-25 CVE-2014-6190 Information Exposure vulnerability in IBM Workload Deployer
The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remote attackers to obtain sensitive information via a direct request for the URL of a log document.
network
low complexity
ibm CWE-200
5.0
2015-05-25 CVE-2014-4778 Improper Input Validation vulnerability in IBM Endpoint Manager Family and License Metric Tool
IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element.
network
ibm CWE-20
4.3
2015-05-25 CVE-2014-4774 Cross-Site Request Forgery (CSRF) vulnerability in IBM Endpoint Manager Family and License Metric Tool
Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME element.
network
ibm CWE-352
6.8
2015-05-25 CVE-2015-1921 Open Redirection vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0
Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
network
low complexity
ibm
6.4
2015-05-25 CVE-2015-1915 Information Exposure vulnerability in IBM Endpoint Manager Family 9.0.1/9.1.0
The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
network
ibm CWE-200
4.3
2015-05-25 CVE-2015-1911 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in IBM Sterling Selling and Fulfillment Suite allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2015-05-25 CVE-2015-1909 Information Exposure vulnerability in IBM Infosphere Master Data Management Server
The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm CWE-200
5.0
2015-05-25 CVE-2015-1895 Permissions, Privileges, and Access Controls vulnerability in IBM Optim Workload Replay 2.1/2.1.0.1/2.1.0.2
IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client behavior.
network
low complexity
ibm CWE-264
5.0