Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-10-29 | CVE-2014-6149 | Path Traversal vulnerability in IBM Tivoli Application Dependency Discovery Manager Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors. | 5.0 |
| 2014-10-29 | CVE-2014-4839 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tririga Application Platform Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.0 |
| 2014-10-29 | CVE-2014-3051 | Cryptographic Issues vulnerability in IBM Tivoli Composite Application Manager for Transactions The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain credential information via a crafted certificate. | 4.3 |
| 2014-10-28 | CVE-2014-6126 | Cross-Site Scripting vulnerability in IBM Websphere Portal 8.5.0.0 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-10-28 | CVE-2014-6125 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Portal 8.5.0.0 Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.8 |
| 2014-10-28 | CVE-2014-4821 | Information Exposure vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of filenames via a series of requests. | 5.0 |
| 2014-10-28 | CVE-2014-4808 | Remote Code Execution vulnerability in IBM WebSphere Portal Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors. | 6.5 |
| 2014-10-26 | CVE-2014-6099 | Credentials Management vulnerability in IBM Sterling B2B Integrator 5.2/5.2.4 The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach. | 5.0 |
| 2014-10-23 | CVE-2014-4766 | Information Exposure vulnerability in IBM Classic Meeting Server IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote attackers to obtain sensitive information by reading an exported Record and Playback (RAP) file. | 5.0 |
| 2014-10-19 | CVE-2014-6116 | Improper Authentication vulnerability in IBM Websphere MQ 8.0.0.1 The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration. | 4.3 |