Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-03-05 | CVE-2013-6319 | Permissions, Privileges, and Access Controls vulnerability in IBM Algo ONE | IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to bypass intended access restrictions and read content via unspecified vectors. | 4.0 |
2014-03-05 | CVE-2013-6318 | Cross-Site Scripting vulnerability in IBM Algo ONE | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-03-05 | CVE-2013-6303 | Path Traversal vulnerability in IBM Algo ONE | Directory traversal vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to read arbitrary files via unspecified vectors. | 4.0 |
2014-03-05 | CVE-2013-6302 | SQL Injection vulnerability in IBM Algo ONE | SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6331. | 6.5 |
2014-03-05 | CVE-2013-5468 | Cryptographic Issues vulnerability in IBM Algo ONE | IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt login requests, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2014-03-04 | CVE-2014-0845 | Improper Input Validation vulnerability in IBM products | Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | 4.9 |
2014-03-04 | CVE-2013-6730 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal | IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results. | 4.3 |
2014-03-02 | CVE-2013-4054 | Path Traversal vulnerability in IBM Websphere MQ 7.5/7.5.0.1/7.5.0.2 | Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI. | 4.3 |
2014-02-26 | CVE-2013-6731 | Permissions, Privileges, and Access Controls vulnerability in IBM Netezza Performance Portal 2.0/2.0.0.1/2.0.0.2 | IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request. | 4.0 |
2014-02-26 | CVE-2014-0842 | Credentials Management vulnerability in IBM Rational Focal Point | The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code. | 5.0 |