Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-07-07 | CVE-2013-3993 | Path Traversal vulnerability in IBM InfoSphere BigInsights | IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls. | 6.5 |
2014-07-02 | CVE-2014-3066 | Information Exposure vulnerability in IBM Tivoli Endpoint Manager 9.1 | IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |
2014-07-01 | CVE-2014-3088 | Permissions, Privileges, and Access Controls vulnerability in IBM Sametime Meeting Server 8.5.1 | stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to bypass intended upload restrictions by modifying the Content-Type header and file extension, as demonstrated by replacing a text/plain .txt upload with an application/octet-stream .exe upload. | 5.5 |
2014-06-28 | CVE-2014-0891 | Information Exposure vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server. | 5.0 |
2014-06-28 | CVE-2013-6311 | SQL Injection vulnerability in IBM Marketing Platform 9.1.0.0/9.1.0.1 | SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2014-06-28 | CVE-2013-6309 | Code Injection vulnerability in IBM Marketing Platform 9.1.0.0/9.1.0.1 | IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection. | 6.0 |
2014-06-28 | CVE-2013-6308 | URI Redirection vulnerability in IBM Marketing Platform 9.1.0.0/9.1.0.1 | IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection. | 4.9 |
2014-06-27 | CVE-2014-3011 | Code Injection vulnerability in IBM OpenPages GRC Platform 6.1.0.1 | IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors. | 5.0 |
2014-06-27 | CVE-2011-1381 | Permissions, Privileges, and Access Controls vulnerability in IBM OpenPages GRC Platform 6.1.0.1 | Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors. | 6.4 |
2014-06-21 | CVE-2013-6737 | Permissions, Privileges, and Access Controls vulnerability in IBM products | IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied. | 4.0 |