Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-07-29 CVE-2014-3057 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2014-07-29 CVE-2014-3056 Information Exposure vulnerability in IBM products
The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors.
network
low complexity
ibm CWE-200
5.0
2014-07-29 CVE-2014-3054 Open Redirection vulnerability in IBM products
Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
ibm
5.8
2014-07-29 CVE-2014-3020 Permissions, Privileges, and Access Controls vulnerability in IBM products
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.
local
ibm CWE-264
6.9
2014-07-29 CVE-2014-0889 Cross-Site Scripting vulnerability in IBM products
Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for IT through 6.0.3, and Global Retention Policy and Schedule Management through 6.0.3, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
network
ibm CWE-79
4.3
2014-07-26 CVE-2014-4748 Cross-Site Scripting vulnerability in IBM Sametime
Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2014-07-26 CVE-2014-3071 Cross-Site Scripting vulnerability in IBM InfoSphere Information Server 11.3
Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.
network
ibm CWE-79
4.3
2014-07-19 CVE-2014-3064 Information Exposure vulnerability in IBM products
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to read arbitrary files via a crafted UNIX file parameter.
network
ibm CWE-200
6.3
2014-07-19 CVE-2014-3043 Permissions, Privileges, and Access Controls vulnerability in IBM products
IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account.
network
low complexity
ibm CWE-264
6.5
2014-07-18 CVE-2014-0957 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.
network
ibm CWE-79
4.3