Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-10-26 | CVE-2014-6099 | Credentials Management vulnerability in IBM Sterling B2B Integrator 5.2/5.2.4 The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach. | 5.0 |
2014-10-23 | CVE-2014-4766 | Information Exposure vulnerability in IBM Classic Meeting Server IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote attackers to obtain sensitive information by reading an exported Record and Playback (RAP) file. | 5.0 |
2014-10-19 | CVE-2014-6116 | Improper Authentication vulnerability in IBM Websphere MQ 8.0.0.1 The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration. | 4.3 |
2014-10-19 | CVE-2014-4833 | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input. | 6.5 |
2014-10-19 | CVE-2014-4830 | Permissions, Privileges, and Access Controls vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 4.3 |
2014-10-19 | CVE-2014-4828 | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request. | 4.3 |
2014-10-19 | CVE-2014-4827 | Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2014-10-19 | CVE-2014-4825 | Cryptographic Issues vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified vectors. | 4.3 |
2014-10-19 | CVE-2014-3021 | Improper Input Validation vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method. | 5.0 |
2014-10-13 | CVE-2014-3091 | Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 5.0 |