Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-12-22 CVE-2014-8896 Improper Authentication vulnerability in IBM products
The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrator's credentials and consequently gain privileges via unspecified vectors.
network
low complexity
ibm CWE-287
4.0
2014-12-19 CVE-2014-8902 Cross-Site Scripting vulnerability in IBM Websphere Portal
Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2014-12-19 CVE-2014-6193 Remote Security vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0
IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack.
network
ibm
4.9
2014-12-19 CVE-2014-6171 Cross-Site Scripting vulnerability in IBM Websphere Portal
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2014-12-18 CVE-2014-8901 Resource Management Errors vulnerability in IBM DB2
IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query.
network
low complexity
ibm CWE-399
4.0
2014-12-18 CVE-2014-8890 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations.
network
high complexity
ibm CWE-264
5.1
2014-12-18 CVE-2014-6174 7PK - Security Features vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site.
network
ibm CWE-254
4.3
2014-12-18 CVE-2014-6167 Cross-Site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2014-12-18 CVE-2014-6166 Unspecified vulnerability in IBM Websphere Application Server
The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
ibm
4.3
2014-12-18 CVE-2014-6164 Information Exposure vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.
network
low complexity
ibm CWE-200
5.0