Vulnerabilities > IBM > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2014-11-05 | CVE-2014-4769 | XML External Entity Information Disclosure vulnerability in IBM WebSphere Commerce | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | network, low complexity, ibm, 4.0 |
| 2014-11-04 | CVE-2014-6130 | Information Exposure vulnerability in IBM Notes Traveler 9.0.1.2 | The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS. | network, low complexity, ibm CWE-200, 5.0 |
| 2014-10-31 | CVE-2014-6101 | Cross-Site Scripting vulnerability in IBM Business Process Manager | Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | network, ibm CWE-79, 4.3 |
| 2014-10-29 | CVE-2014-6149 | Path Traversal vulnerability in IBM Tivoli Application Dependency Discovery Manager | Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors. | network, low complexity, ibm CWE-22, 5.0 |
| 2014-10-29 | CVE-2014-4839 | Cross-Site Request Forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform | Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | network, ibm CWE-352, 6.0 |
| 2014-10-29 | CVE-2014-3051 | Cryptographic Issues vulnerability in IBM Tivoli Composite Application Manager for Transactions | The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain credential information via a crafted certificate. | network, ibm CWE-310, 4.3 |
| 2014-10-28 | CVE-2014-6126 | Cross-Site Scripting vulnerability in IBM WebSphere Portal 8.5.0.0 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network, ibm CWE-79, 4.3 |
| 2014-10-28 | CVE-2014-6125 | Cross-Site Request Forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0.0 | Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | network, ibm CWE-352, 6.8 |
| 2014-10-28 | CVE-2014-4821 | Information Exposure vulnerability in IBM WebSphere Portal | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of filenames via a series of requests. | network, low complexity, ibm CWE-200, 5.0 |
| 2014-10-28 | CVE-2014-4808 | Remote Code Execution vulnerability in IBM WebSphere Portal | Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors. | network, low complexity, ibm, 6.5 |