Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-05-16 CVE-2014-0917 Cross-Site Scripting vulnerability in IBM WebSphere Portal
Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
2014-05-09 CVE-2014-0946 Information Exposure vulnerability in IBM Operational Decision Manager 7.5/8.0/8.5
The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.
network
ibm CWE-200
4.3
2014-05-09 CVE-2014-0944 Cross-Site Request Forgery (CSRF) vulnerability in IBM Operational Decision Manager 7.5/8.0/8.5
Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.0
2014-05-09 CVE-2014-0913 Cross-Site Scripting vulnerability in IBM Lotus Domino and Lotus iNotes
Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE.
network
ibm CWE-79
4.3
2014-05-08 CVE-2014-0930 Unspecified vulnerability in IBM AIX and VIOS
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.
local
ibm
4.7
2014-05-07 CVE-2014-0911 Unspecified vulnerability in IBM WebSphere MQ
inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors.
network
ibm
4.3
2014-05-01 CVE-2014-0896 Information Exposure vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request.
network
ibm CWE-200
4.3
2014-05-01 CVE-2014-0859 Denial of Service vulnerability in IBM WebSphere Application Server
The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
network
low complexity
ibm
5.0
2014-05-01 CVE-2014-0857 Information Exposure vulnerability in IBM WebSphere Application Server
The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request.
network
low complexity
ibm CWE-200
4.0
2014-05-01 CVE-2014-0823 Information Exposure vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL.
network
ibm CWE-200
4.3