Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-05-25 CVE-2015-1911 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in IBM Sterling Selling and Fulfillment Suite allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network, ibm, CWE-79, 4.3

2015-05-25 CVE-2015-1909 Information Exposure vulnerability in IBM Infosphere Master Data Management Server
The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network, low complexity, ibm, CWE-200, 5.0

2015-05-25 CVE-2015-1895 Permissions, Privileges, and Access Controls vulnerability in IBM Optim Workload Replay 2.1/2.1.0.1/2.1.0.2
IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client behavior.
network, low complexity, ibm, CWE-264, 5.0

2015-05-25 CVE-2015-1894 Cross-Site Request Forgery (CSRF) vulnerability in IBM Optim Workload Replay 2.1/2.1.0.1/2.1.0.2
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network, ibm, CWE-352, 6.8

2015-05-20 CVE-2015-0189 Resource Management Errors vulnerability in IBM Websphere MQ
The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records.
network, low complexity, ibm, CWE-399, 4.0

2015-05-20 CVE-2014-8924 XML External Entity Information Disclosure vulnerability in IBM products
The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network, low complexity, ibm, 6.4

2015-05-08 CVE-2015-1907 Information Exposure vulnerability in IBM Rational License KEY Server
The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4 before 8.1.4.7 allows remote authenticated users to read cookies via unspecified vectors.
network, low complexity, ibm, CWE-200, 4.0

2015-05-08 CVE-2014-0919 Information Exposure vulnerability in IBM DB2
IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.
network, low complexity, ibm, CWE-200, 4.0

2015-04-27 CVE-2015-0175 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.
network, low complexity, ibm, CWE-264, 5.5

2015-04-27 CVE-2015-0174 Information Exposure vulnerability in IBM Websphere Application Server
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
network, low complexity, ibm, CWE-200, 4.0