Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-02-02 CVE-2014-6170 Information Exposure vulnerability in IBM Integration BUS and Websphere Message Broker
The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by triggering a SOAP fault.
network
low complexity
ibm CWE-200
5.0
2015-02-02 CVE-2014-6136 Cryptographic Issues vulnerability in IBM Security Appscan
IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
ibm CWE-310
5.0
2015-01-29 CVE-2014-8895 Permissions, Privileges, and Access Controls vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.
network
ibm CWE-264
4.3
2015-01-29 CVE-2014-8894 Open Redirection vulnerability in IBM Tririga Application Platform
Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.
network
ibm
4.9
2015-01-28 CVE-2014-8917 Cross-site Scripting vulnerability in IBM products
Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2015-01-21 CVE-2014-6172 Information Exposure vulnerability in IBM API Management
IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to obtain sensitive analytics information in an encrypted form via unspecified vectors.
network
low complexity
ibm CWE-200
5.0
2015-01-17 CVE-2014-6197 Improper Input Validation vulnerability in IBM Security Network Protection XGS Firmware
IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and 5.3.x before 5.3.0.0 FP1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
network
ibm CWE-20
4.3
2015-01-17 CVE-2014-3019 Permissions, Privileges, and Access Controls vulnerability in IBM products
IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to obtain blade and storage-pool access via a TELNET session.
network
low complexity
ibm CWE-264
5.0
2015-01-10 CVE-2014-6212 XML External Entity Information Disclosure vulnerability in Multiple IBM Products
The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm
4.0
2015-01-10 CVE-2014-6199 Resource Management Errors vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway
The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote attackers to cause a denial of service (connection-slot exhaustion) via a crafted HTTP request.
network
low complexity
ibm CWE-399
5.0