Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-02-18 CVE-2015-0108 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109.
network
ibm CWE-79
4.3
2015-02-17 CVE-2014-6194 Path Traversal vulnerability in IBM products
Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a ..
network
low complexity
ibm CWE-22
4.0
2015-02-16 CVE-2014-6137 Cross-site Scripting vulnerability in IBM Tivoli Endpoint Manager
Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2015-02-16 CVE-2014-6113 Cross-site Scripting vulnerability in IBM Tivoli Endpoint Manager
Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2015-02-14 CVE-2014-8911 Cross-site Scripting vulnerability in IBM Content Navigator 2.0.0/2.0.1/2.0.3
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header.
network
ibm CWE-79
4.3
2015-02-14 CVE-2014-4804 Information Exposure vulnerability in IBM Curam Social Program Management
Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page.
network
ibm CWE-200
4.3
2015-02-13 CVE-2014-6139 Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager 8.0.1.3/8.5.0.1/8.5.5.0
The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter.
network
low complexity
ibm CWE-264
4.0
2015-02-13 CVE-2014-4813 Race Condition vulnerability in IBM Tivoli Storage Manager
Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors.
local
ibm linux CWE-362
6.9
2015-02-13 CVE-2014-4781 Information Exposure vulnerability in IBM InfoSphere BigInsights 2.1.2.0/3.0.0.0/3.0.0.1
The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack.
network
low complexity
ibm CWE-200
5.0
2015-02-02 CVE-2014-8918 Cryptographic Issues vulnerability in IBM Security AppScan
IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
ibm CWE-310
5.8