Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-07-07 | CVE-2014-0864 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Algo Credit Limits 4.5.0/4.7.0 | Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a limit via a crafted XML document. | 6.8 |
2014-07-07 | CVE-2014-0860 | Cryptographic Issues vulnerability in IBM products | The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface. | 5.0 |
2014-07-07 | CVE-2013-5423 | Information Exposure vulnerability in IBM Flex System Manager | IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors. | 5.0 |
2014-07-07 | CVE-2013-3993 | Path Traversal vulnerability in IBM Infosphere Biginsights | IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls. | 6.5 |
2014-07-02 | CVE-2014-3066 | Information Exposure vulnerability in IBM Tivoli Endpoint Manager 9.1 | IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |
2014-07-01 | CVE-2014-3088 | Permissions, Privileges, and Access Controls vulnerability in IBM Sametime Meeting Server 8.5.1 | stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to bypass intended upload restrictions by modifying the Content-Type header and file extension, as demonstrated by replacing a text/plain .txt upload with an application/octet-stream .exe upload. | 5.5 |
2014-06-28 | CVE-2014-0891 | Information Exposure vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server. | 5.0 |
2014-06-28 | CVE-2013-6311 | SQL Injection vulnerability in IBM Marketing Platform 9.1.0.0/9.1.0.1 | SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2014-06-28 | CVE-2013-6309 | Code Injection vulnerability in IBM Marketing Platform 9.1.0.0/9.1.0.1 | IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection. | 6.0 |
2014-06-28 | CVE-2013-6308 | URI Redirection vulnerability in IBM Marketing Platform 9.1.0.0/9.1.0.1 | IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection. | 4.9 |