Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-16 | CVE-2014-2401 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | 5.0 |
2014-04-16 | CVE-2014-0453 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. | 4.0 |
2014-04-15 | CVE-2014-0924 | Improper Input Validation vulnerability in IBM MessageSight and MessageSight JMS Client: IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify that all of the characters of a password are correct, which makes it easier for remote authenticated users to bypass intended access restrictions by leveraging knowledge of a password substring. | 4.6 |
2014-04-15 | CVE-2014-0923 | Improper Input Validation vulnerability in IBM MessageSight and MessageSight JMS Client: IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data. | 4.3 |
2014-04-15 | CVE-2014-0922 | Improper Input Validation vulnerability in IBM MessageSight and MessageSight JMS Client: IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via WebSockets MQ Telemetry Transport (MQTT) data. | 4.3 |
2014-04-15 | CVE-2014-0921 | Improper Input Validation vulnerability in IBM MessageSight and MessageSight JMS Client: The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon crash and message data loss) via malformed headers during a WebSockets connection upgrade. | 4.3 |
2014-04-10 | CVE-2014-0920 | Credentials Management vulnerability in IBM SPSS Analytic Server 1.0.0.0/1.0.1.0: IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 4.0 |
2014-04-10 | CVE-2014-0908 | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager: The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls. | 6.0 |
2014-04-05 | CVE-2014-0827 | Cross-Site Scripting vulnerability in IBM Optim Workload Replay 1.1: Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workload Replay 1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2014-04-02 | CVE-2014-0828 | Cross-Site Scripting vulnerability in IBM WebSphere Portal: Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |