Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-12-18 CVE-2014-6076 7PK - Security Features vulnerability in IBM products
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.
network
ibm CWE-254
4.3
2014-12-17 CVE-2014-6182 Path Traversal vulnerability in IBM Business Process Manager
Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a ..
network
low complexity
ibm CWE-22
4.0
2014-12-17 CVE-2014-4844 Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager
The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit.
network
low complexity
ibm CWE-264
6.5
2014-12-16 CVE-2014-6176 Cryptographic Issues vulnerability in IBM products
IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher.
network
ibm CWE-310
4.3
2014-12-12 CVE-2014-6210 Improper Input Validation vulnerability in IBM DB2 and DB2 Connect
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements.
network
low complexity
ibm CWE-20
4.0
2014-12-12 CVE-2014-6209 Improper Input Validation vulnerability in IBM DB2
IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement.
network
low complexity
ibm CWE-20
4.0
2014-12-12 CVE-2014-6138 Information Exposure vulnerability in IBM WebSphere DataPower XC10 Appliance Firmware 2.1.0.0/2.5.0.0
The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors.
network
low complexity
ibm CWE-200
4.0
2014-12-12 CVE-2014-4815 Remote Security vulnerability in IBM Rational Lifecycle Integration Adapter for Windchill 1.0.0
Session fixation vulnerability in IBM Rational Lifecycle Integration Adapter for Windchill 1.x before 1.0.1 allows remote attackers to hijack web sessions via unspecified vectors.
network
ibm
4.3
2014-12-11 CVE-2014-3058 Cross-Site Request Forgery (CSRF) vulnerability in IBM WebSphere DataPower XC10 Appliance Firmware 2.1.0.0/2.5.0.0
Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.0
2014-12-11 CVE-2014-6114 Information Exposure vulnerability in IBM products
The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm CWE-200
5.0