Vulnerabilities > IBM > Medium

DATE | CVE | VULNERABILITY TITLE | RISK
2014-08-17 | CVE-2014-0966 | SQL Injection vulnerability in IBM products | 6.5
  SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
  network, low complexity; ibm; CWE-89
2014-08-16 | CVE-2014-0852 | Cryptographic Issues vulnerability in IBM products | 4.3
  IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an SSL/TLS side-channel timing attack.
  network; ibm; CWE-310
2014-08-12 | CVE-2014-4760 | Open Redirection vulnerability in IBM WebSphere Portal | 5.8
  Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
  network; ibm
2014-08-12 | CVE-2014-4751 | Cross-Site Scripting vulnerability in IBM Security Access Manager for Mobile 8.0.0.0/8.0.0.1/8.0.0.3 | 4.3
  Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Mobile 8.0.0.0, 8.0.0.1, and 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
  network; ibm; CWE-79
2014-08-12 | CVE-2014-4746 | Information Exposure vulnerability in IBM WebSphere Portal 8.0.0.0/8.5.0.0 | 5.0
  IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote attackers to map the intranet network via a series of requests.
  network, low complexity; ibm; CWE-200
2014-08-12 | CVE-2014-0953 | Cross-Site Scripting vulnerability in IBM WebSphere Portal | 4.3
  Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
  network; ibm; CWE-79
2014-08-12 | CVE-2013-5433 | Credentials Management vulnerability in IBM InfoSphere Optim Data Growth Solution for Siebel CRM | 4.0
  The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document.
  network, low complexity; ibm; CWE-255
2014-08-11 | CVE-2014-3076 | Information Exposure vulnerability in IBM Business Process Manager 8.5.0.0/8.5.0.1/8.5.5.0 | 5.0
  IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote attackers to obtain potentially sensitive information by visiting an unspecified JSP diagnostic page.
  network, low complexity; ibm; CWE-200
2014-07-30 | CVE-2014-0948 | Arbitrary File Upload vulnerability in IBM products | 6.0
  Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.
  network; ibm
2014-07-30 | CVE-2014-0947 | Security vulnerability in IBM Rational Software Architect Design Manager 4.0.6 | 6.0
  Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.
  network; ibm