Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-06-14 CVE-2014-0960 Permissions, Privileges, and Access Controls vulnerability in IBM PureApplication System
IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine.
local
ibm CWE-264
6.6
2014-06-10 CVE-2014-3042 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM CICS Transaction Server
IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT transactions, which allows remote authenticated users to cause a denial of service (storage overlay) by using a 3270 emulator to send an invalid 3270 data stream.
network
low complexity
ibm CWE-119
4.0
2014-06-08 CVE-2014-3977 Link Following vulnerability in IBM AIX and VIOS
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
local
ibm CWE-59
6.9
2014-06-08 CVE-2014-3048 Local Privilege Escalation vulnerability in IBM products
Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command.
local
high complexity
ibm
6.0
2014-06-08 CVE-2014-3036 Unauthorized Access vulnerability in IBM API Management 3.0.0.0
Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive information, via unknown vectors.
network
ibm
4.3
2014-06-08 CVE-2014-0936 Permissions, Privileges, and Access Controls vulnerability in IBM Security AppScan Source
IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network.
high complexity
ibm CWE-264
4.3
2014-06-08 CVE-2014-0929 Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections
Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions.
network
ibm CWE-352
6.0
2014-06-08 CVE-2014-0961 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager and Tivoli Identity Manager
Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.0
2014-06-04 CVE-2014-0935 Local Privilege Escalation vulnerability in IBM products
Unspecified vulnerability in IBM Smart Analytics System 7700 before FP 2.1.3.0 and 7710 before FP 2.1.3.0 allows local users to gain privileges via vectors related to events.
network
high complexity
ibm
4.6
2014-05-30 CVE-2014-3010 Cross-Site Scripting vulnerability in IBM WebSphere Service Registry and Repository
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3