Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-02-18 | CVE-2015-0108 | Cross-site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109. | 4.3 |
| 2015-02-17 | CVE-2014-6194 | Path Traversal vulnerability in IBM products Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. | 4.0 |
| 2015-02-16 | CVE-2014-6137 | Cross-site Scripting vulnerability in IBM Tivoli Endpoint Manager Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2015-02-16 | CVE-2014-6113 | Cross-site Scripting vulnerability in IBM Tivoli Endpoint Manager Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2015-02-14 | CVE-2014-8911 | Cross-site Scripting vulnerability in IBM Content Navigator 2.0.0/2.0.1/2.0.3 Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header. | 4.3 |
| 2015-02-14 | CVE-2014-4804 | Information Exposure vulnerability in IBM Curam Social Program Management Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page. | 4.3 |
| 2015-02-13 | CVE-2014-6139 | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager 8.0.1.3/8.5.0.1/8.5.5.0 The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter. | 4.0 |
| 2015-02-13 | CVE-2014-4813 | Race Condition vulnerability in IBM Tivoli Storage Manager Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors. | 6.9 |
| 2015-02-13 | CVE-2014-4781 | Information Exposure vulnerability in IBM Infosphere Biginsights 2.1.2.0/3.0.0.0/3.0.0.1 The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack. | 5.0 |
| 2015-02-02 | CVE-2014-8918 | Cryptographic Issues vulnerability in IBM Security Appscan IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |