Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-03-16 CVE-2014-0873 Cross-Site Request Forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management Server
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before 10.0.0.0.26, and 10.1 before 10.1.0.0.15 allow remote attackers to hijack the authentication of arbitrary users.
network
ibm CWE-352
6.8
2014-03-16 CVE-2013-4059 Cross-Site Scripting vulnerability in IBM InfoSphere Information Server
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified interfaces.
network
ibm CWE-79
4.3
2014-03-16 CVE-2013-4058 SQL Injection vulnerability in IBM InfoSphere Information Server
Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces.
network
low complexity
ibm CWE-89
6.5
2014-03-16 CVE-2013-4057 Cross-Site Request Forgery (CSRF) vulnerability in IBM InfoSphere Information Server
Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.
network
ibm CWE-352
6.8
2014-03-11 CVE-2014-0899 Permissions, Privileges, and Access Controls vulnerability in IBM AIX 7.1.1/7.1.2
ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.
network
low complexity
ibm CWE-264
6.5
2014-03-06 CVE-2013-6720 Path Traversal vulnerability in IBM Tealeaf CX
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a ..
network
low complexity
ibm CWE-22
5.5
2014-03-06 CVE-2013-6719 OS Command Injection vulnerability in IBM Tealeaf CX
delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter.
network
ibm CWE-78
6.0
2014-03-06 CVE-2013-6315 Improper Input Validation vulnerability in IBM Enterprise Records and InfoSphere Enterprise Records
IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 do not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
network
ibm CWE-20
4.3
2014-03-06 CVE-2013-6304 Path Traversal vulnerability in IBM Algo One and Algo Risk Application
Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file.
network
low complexity
ibm CWE-22
4.0
2014-03-05 CVE-2013-6331 SQL Injection vulnerability in IBM Algo One
SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6302.
network
low complexity
ibm CWE-89
6.5