Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-10-19 | CVE-2014-4833 | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input. | 6.5 |
| 2014-10-19 | CVE-2014-4830 | Permissions, Privileges, and Access Controls vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 4.3 |
| 2014-10-19 | CVE-2014-4828 | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request. | 4.3 |
| 2014-10-19 | CVE-2014-4827 | Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
| 2014-10-19 | CVE-2014-4825 | Cryptographic Issues vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified vectors. | 4.3 |
| 2014-10-19 | CVE-2014-3021 | Improper Input Validation vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method. | 5.0 |
| 2014-10-13 | CVE-2014-3091 | Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 5.0 |
| 2014-10-10 | CVE-2014-4761 | Information Exposure vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code. | 4.0 |
| 2014-10-07 | CVE-2014-4802 | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by executing a saved search. | 4.0 |
| 2014-10-07 | CVE-2014-0940 | Cross-Site Scripting vulnerability in IBM Tivoli Service Automation Manager 7.2.2.2 Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) REST API or (2) Self Service UI. | 4.3 |