Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-12-29 CVE-2014-6168 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.0
2014-12-24 CVE-2014-6187 Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Service Registry and Repository
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
network
ibm CWE-352
6.0
2014-12-24 CVE-2014-6186 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Service Registry and Repository
IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended object-access restrictions via the datagraph.
network
low complexity
ibm CWE-264
4.0
2014-12-24 CVE-2014-6181 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Service Registry and Repository
IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-264
4.0
2014-12-24 CVE-2014-6179 Cross-Site Scripting vulnerability in IBM Websphere Service Registry and Repository
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2014-12-24 CVE-2014-6177 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Service Registry and Repository
IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-264
4.0
2014-12-24 CVE-2014-6155 Path Traversal vulnerability in IBM Websphere Service Registry and Repository
Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors.
network
low complexity
ibm CWE-22
4.0
2014-12-24 CVE-2014-6153 Cryptographic Issues vulnerability in IBM Websphere Service Registry and Repository
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
network
ibm CWE-310
4.3
2014-12-23 CVE-2014-6135 Improper Input Validation vulnerability in IBM Security Appscan and Security Appscan Source
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
network
ibm CWE-20
4.3
2014-12-23 CVE-2014-6122 Permissions, Privileges, and Access Controls vulnerability in IBM Security Appscan and Security Appscan Source
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folders, and consequently execute arbitrary commands, via a modified argument.
network
low complexity
ibm CWE-264
5.5