Vulnerabilities > IBM > Medium

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2014-04-10 | CVE-2014-0908 | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager | The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls. | network, ibm, CWE-264 | 6.0 |
| 2014-04-05 | CVE-2014-0827 | Cross-Site Scripting vulnerability in IBM Optim Workload Replay 1.1 | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workload Replay 1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | network, ibm, CWE-79 | 4.3 |
| 2014-04-02 | CVE-2014-0828 | Cross-Site Scripting vulnerability in IBM WebSphere Portal | Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network, ibm, CWE-79 | 4.3 |
| 2014-03-26 | CVE-2013-3997 | Improper Input Validation vulnerability in IBM InfoSphere BigInsights | Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | network, ibm, CWE-20 | 4.9 |
| 2014-03-25 | CVE-2014-0885 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Lotus Protector for Mail Security 2.8/2.8.1 | Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | network, ibm, CWE-352 | 6.8 |
| 2014-03-25 | CVE-2013-5445 | Cryptographic Issues vulnerability in IBM Cognos Express | IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key. | network, low complexity, ibm, CWE-310 | 5.0 |
| 2014-03-25 | CVE-2013-5444 | Cryptographic Issues vulnerability in IBM Cognos Express | The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to read encrypted credentials via unspecified vectors. | network, low complexity, ibm, CWE-310 | 5.0 |
| 2014-03-25 | CVE-2013-5443 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Express | Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authentication of arbitrary users. | network, ibm, CWE-352 | 6.8 |
| 2014-03-21 | CVE-2014-0829 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM Rational ClearCase | Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors. | network, low complexity, ibm, CWE-119 | 6.5 |
| 2014-03-21 | CVE-2013-5401 | Denial of Service vulnerability in IBM WebSphere MQ Internet Pass Thru 2.1.0.0 | The command-port listener in IBM WebSphere MQ Internet Pass-Thru (MQIPT) 2.x before 2.1.0.1 allows remote attackers to cause a denial of service (remote-administration outage) via unspecified vectors. | network, low complexity, ibm | 5.0 |