Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-02-04 | CVE-2013-5427 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2014-02-01 | CVE-2014-0833 | Permissions, Privileges, and Access Controls vulnerability in IBM Financial Transaction Manager 2.0.0.0/2.0.0.1/2.0.0.2 The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step. | 5.5 |
2014-02-01 | CVE-2014-0831 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager 2.0.0.0/2.0.0.1/2.0.0.2 Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data. | 6.8 |
2014-02-01 | CVE-2014-0830 | Path Traversal vulnerability in IBM Financial Transaction Manager Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname. | 4.0 |
2014-02-01 | CVE-2013-4043 | Information Exposure vulnerability in IBM Spss Collaboration and Deployment Services The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request. | 5.0 |
2014-01-31 | CVE-2013-6727 | Permissions, Privileges, and Access Controls vulnerability in IBM Sametime 8.5.2.0/8.5.2.1/9.0.0.0 The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2014-01-30 | CVE-2014-0837 | Cryptographic Issues vulnerability in IBM Qradar Security Information and Event Manager The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | 4.3 |
2014-01-30 | CVE-2014-0836 | Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2014-01-30 | CVE-2014-0835 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Qradar Security Information and Event Manager Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings. | 6.8 |
2014-01-22 | CVE-2013-6746 | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |