Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-02-01 | CVE-2014-0830 | Path Traversal vulnerability in IBM Financial Transaction Manager Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname. | 4.0 |
| 2014-02-01 | CVE-2013-4043 | Information Exposure vulnerability in IBM Spss Collaboration and Deployment Services The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request. | 5.0 |
| 2014-01-31 | CVE-2013-6727 | Permissions, Privileges, and Access Controls vulnerability in IBM Sametime 8.5.2.0/8.5.2.1/9.0.0.0 The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2014-01-30 | CVE-2014-0837 | Cryptographic Issues vulnerability in IBM Qradar Security Information and Event Manager The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | 4.3 |
| 2014-01-30 | CVE-2014-0836 | Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
| 2014-01-30 | CVE-2014-0835 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Qradar Security Information and Event Manager Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings. | 6.8 |
| 2014-01-22 | CVE-2013-6746 | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-01-21 | CVE-2013-6305 | Cryptographic Issues vulnerability in IBM Platform Symphony 5.2/6.1.0.1 IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this key. | 4.3 |
| 2014-01-21 | CVE-2013-4030 | Cryptographic Issues vulnerability in IBM products Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic. | 4.3 |
| 2014-01-16 | CVE-2013-6325 | Improper Input Validation vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint. | 4.3 |