Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-03-26 | CVE-2013-3997 | Improper Input Validation vulnerability in IBM Infosphere Biginsights | Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 4.9 |
2014-03-25 | CVE-2014-0885 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Lotus Protector for Mail Security 2.8/2.8.1 | Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2014-03-25 | CVE-2013-5445 | Cryptographic Issues vulnerability in IBM Cognos Express | IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key. | 5.0 |
2014-03-25 | CVE-2013-5444 | Cryptographic Issues vulnerability in IBM Cognos Express | The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to read encrypted credentials via unspecified vectors. | 5.0 |
2014-03-25 | CVE-2013-5443 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Express | Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2014-03-21 | CVE-2014-0829 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Rational Clearcase | Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors. | 6.5 |
2014-03-21 | CVE-2013-5401 | Denial of Service vulnerability in IBM Websphere MQ Internet Pass Thru 2.1.0.0 | The command-port listener in IBM WebSphere MQ Internet Pass-Thru (MQIPT) 2.x before 2.1.0.1 allows remote attackers to cause a denial of service (remote-administration outage) via unspecified vectors. | 5.0 |
2014-03-16 | CVE-2014-0873 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before 10.0.0.0.26, and 10.1 before 10.1.0.0.15 allow remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2014-03-16 | CVE-2013-4059 | Cross-Site Scripting vulnerability in IBM Infosphere Information Server | Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified interfaces. | 4.3 |
2014-03-16 | CVE-2013-4058 | SQL Injection vulnerability in IBM Infosphere Information Server | Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces. | 6.5 |