Vulnerabilities > IBM > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2014-03-05 | CVE-2013-6302 | SQL Injection vulnerability in IBM Algo One | 6.5
SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6331.
network, low complexity, ibm, CWE-89

2014-03-05 | CVE-2013-5468 | Cryptographic Issues vulnerability in IBM Algo One | 5.0
IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt login requests, which allows remote attackers to obtain sensitive information by sniffing the network.
network, low complexity, ibm, CWE-310

2014-03-04 | CVE-2014-0845 | Improper Input Validation vulnerability in IBM products | 4.9
Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
network, ibm, CWE-20

2014-03-04 | CVE-2013-6730 | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Portal | 4.3
IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results.
network, ibm, CWE-264

2014-03-02 | CVE-2013-4054 | Path Traversal vulnerability in IBM WebSphere MQ 7.5/7.5.0.1/7.5.0.2 | 4.3
Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI.
network, ibm, CWE-22

2014-02-26 | CVE-2013-6731 | Permissions, Privileges, and Access Controls vulnerability in IBM Netezza Performance Portal 2.0/2.0.0.1/2.0.0.2 | 4.0
IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request.
network, low complexity, ibm, CWE-264

2014-02-26 | CVE-2014-0842 | Credentials Management vulnerability in IBM Rational Focal Point | 5.0
The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.
network, low complexity, ibm, CWE-255

2014-02-26 | CVE-2014-0839 | Permissions, Privileges, and Access Controls vulnerability in IBM Rational Focal Point | 4.0
IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference.
network, low complexity, ibm, CWE-264

2014-02-22 | CVE-2014-0854 | Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Business Intelligence | 5.0
The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network, low complexity, ibm, CWE-264

2014-02-22 | CVE-2013-6732 | Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence | 4.3
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
network, ibm, CWE-79