IBM vulnerabilities (medium risk)

Each entry lists: DATE, CVE, VULNERABILITY TITLE; then RISK score, attack vector, complexity (where given), vendor and CWE; then the description.

2014-11-23  CVE-2014-6183  Resource Management Errors vulnerability in IBM products
  Risk 4.0; network; low complexity; ibm; CWE-399
  IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors.

2014-11-23  CVE-2014-4807  Resource Management Errors vulnerability in IBM Sterling Selling and Fulfillment Foundation
  Risk 4.0; network; low complexity; ibm; CWE-399
  Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.

2014-11-18  CVE-2014-6107  Information Exposure vulnerability in IBM Security Identity Manager
  Risk 4.3; network; ibm; CWE-200
  IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

2014-11-18  CVE-2014-6105  Improper Input Validation vulnerability in IBM Security Identity Manager
  Risk 4.3; network; ibm; CWE-20
  IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

2014-11-18  CVE-2014-6098  Credentials Management vulnerability in IBM Security Identity Manager
  Risk 5.0; network; low complexity; ibm; CWE-255
  IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request.

2014-11-18  CVE-2014-6096  Cross-Site Scripting vulnerability in IBM Security Identity Manager
  Risk 4.3; network; ibm; CWE-79
  Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

2014-11-18  CVE-2014-6095  Path Traversal vulnerability in IBM Security Identity Manager
  Risk 5.0; network; low complexity; ibm; CWE-22
  Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors.

2014-11-08  CVE-2014-6097  Improper Input Validation vulnerability in IBM DB2 9.7/9.8
  Risk 4.0; network; low complexity; ibm; CWE-20
  IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.

2014-11-05  CVE-2014-4834  XML External Entity Denial of Service vulnerability in IBM WebSphere Commerce
  Risk 4.3; network; ibm
  IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

2014-11-05  CVE-2014-4810  Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Mobile 10.1.1/10.2.0/10.2.1
  Risk 4.3; network; ibm; CWE-264
  IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff.