Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-04-24 CVE-2013-6738 Cross-Site Scripting vulnerability in IBM SmartCloud Analytics Log Analysis 1.1.0/1.2.0
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.
network
ibm CWE-79
4.3
2014-04-23 CVE-2014-0892 Information Exposure vulnerability in IBM Lotus Domino and Lotus Notes
IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka SPR KLYH9GGS9W.
network
low complexity
ibm linux CWE-200
5.0
2014-04-21 CVE-2013-5459 Security vulnerability in IBM products
Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking.
network
low complexity
ibm
5.5
2014-04-16 CVE-2014-2401 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
network
low complexity
oracle ibm
5.0
2014-04-16 CVE-2014-0453 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
network
high complexity
oracle canonical juniper debian ibm
4.0
2014-04-15 CVE-2014-0924 Improper Input Validation vulnerability in IBM MessageSight and MessageSight JMS Client
IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify that all of the characters of a password are correct, which makes it easier for remote authenticated users to bypass intended access restrictions by leveraging knowledge of a password substring.
network
high complexity
ibm CWE-20
4.6
2014-04-15 CVE-2014-0923 Improper Input Validation vulnerability in IBM MessageSight and MessageSight JMS Client
IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data.
network
ibm CWE-20
4.3
2014-04-15 CVE-2014-0922 Improper Input Validation vulnerability in IBM MessageSight and MessageSight JMS Client
IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via WebSockets MQ Telemetry Transport (MQTT) data.
network
ibm CWE-20
4.3
2014-04-15 CVE-2014-0921 Improper Input Validation vulnerability in IBM MessageSight and MessageSight JMS Client
The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon crash and message data loss) via malformed headers during a WebSockets connection upgrade.
network
ibm CWE-20
4.3
2014-04-10 CVE-2014-0920 Credentials Management vulnerability in IBM SPSS Analytic Server 1.0.0.0/1.0.1.0
IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-255
4.0