Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-03-13 | CVE-2014-6214 | Cross-Site Request Forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0.0/8.0.0.1/8.5.0.0: Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.8 |
2015-03-02 | CVE-2014-8921 | Information Exposure vulnerability in IBM Notes Traveler Companion 1.0/1.1: The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Windows Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message. | 4.3 |
2015-02-24 | CVE-2014-6115 | Information Exposure vulnerability in IBM Rational Insight 1.1.1.5: IBM Rational Insight 1.1.1.5 allows remote attackers to bypass authentication and obtain sensitive information via a crafted request to a Jazz Reporting Service (JRS) report URL. | 5.0 |
2015-02-18 | CVE-2015-0108 | Cross-site Scripting vulnerability in IBM products: Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109. | 4.3 |
2015-02-17 | CVE-2014-6194 | Path Traversal vulnerability in IBM products: Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. | 4.0 |
2015-02-16 | CVE-2014-6137 | Cross-site Scripting vulnerability in IBM Tivoli Endpoint Manager: Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-02-16 | CVE-2014-6113 | Cross-site Scripting vulnerability in IBM Tivoli Endpoint Manager: Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-02-14 | CVE-2014-8911 | Cross-site Scripting vulnerability in IBM Content Navigator 2.0.0/2.0.1/2.0.3: Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header. | 4.3 |
2015-02-14 | CVE-2014-4804 | Information Exposure vulnerability in IBM Curam Social Program Management: Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page. | 4.3 |
2015-02-13 | CVE-2014-6139 | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager 8.0.1.3/8.5.0.1/8.5.5.0: The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter. | 4.0 |