Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-01-17 | CVE-2014-3019 | Permissions, Privileges, and Access Controls vulnerability in IBM products IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to obtain blade and storage-pool access via a TELNET session. | 5.0 |
2015-01-10 | CVE-2014-6212 | XML External Entity Information Disclosure vulnerability in Multiple IBM Products The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 4.0 |
2015-01-10 | CVE-2014-6199 | Resource Management Errors vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote attackers to cause a denial of service (connection-slot exhaustion) via a crafted HTTP request. | 5.0 |
2014-12-29 | CVE-2014-6168 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.0 |
2014-12-24 | CVE-2014-6187 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Service Registry and Repository Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 6.0 |
2014-12-24 | CVE-2014-6186 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Service Registry and Repository IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended object-access restrictions via the datagraph. | 4.0 |
2014-12-24 | CVE-2014-6181 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Service Registry and Repository IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 4.0 |
2014-12-24 | CVE-2014-6179 | Cross-Site Scripting vulnerability in IBM Websphere Service Registry and Repository Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-12-24 | CVE-2014-6177 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Service Registry and Repository IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 4.0 |
2014-12-24 | CVE-2014-6155 | Path Traversal vulnerability in IBM Websphere Service Registry and Repository Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors. | 4.0 |