Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK

2014-08-11 CVE-2014-3076 Information Exposure vulnerability in IBM Business Process Manager 8.5.0.0/8.5.0.1/8.5.5.0
IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote attackers to obtain potentially sensitive information by visiting an unspecified JSP diagnostic page.
network, low complexity | ibm CWE-200 | 5.0

2014-07-30 CVE-2014-0948 Arbitrary File Upload vulnerability in IBM products
Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.
network | ibm | 6.0

2014-07-30 CVE-2014-0947 Security vulnerability in IBM Rational Software Architect Design Manager 4.0.6
Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.
network | ibm | 6.0

2014-07-29 CVE-2014-3057 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network | ibm CWE-79 | 4.3

2014-07-29 CVE-2014-3056 Information Exposure vulnerability in IBM products
The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors.
network, low complexity | ibm CWE-200 | 5.0

2014-07-29 CVE-2014-3054 Open Redirection vulnerability in IBM products
Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network | ibm | 5.8

2014-07-29 CVE-2014-3020 Permissions, Privileges, and Access Controls vulnerability in IBM products
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.
local | ibm CWE-264 | 6.9

2014-07-29 CVE-2014-0889 Cross-Site Scripting vulnerability in IBM products
Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for IT through 6.0.3, and Global Retention Policy and Schedule Management through 6.0.3, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
network | ibm CWE-79 | 4.3

2014-07-26 CVE-2014-4748 Cross-Site Scripting vulnerability in IBM Sametime
Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network | ibm CWE-79 | 4.3

2014-07-26 CVE-2014-3071 Cross-Site Scripting vulnerability in IBM InfoSphere Information Server 11.3
Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.
network | ibm CWE-79 | 4.3