Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-01-10 | CVE-2013-6334 | Improper Input Validation vulnerability in IBM products IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) do not properly validate sessions, which allows remote attackers to bypass intended access restrictions, and visit PolicyAtlas/ResponseDraftServlet (aka the Compliance Questionnaire Save Draft servlet), via unspecified vectors. | 6.4 |
| 2013-12-22 | CVE-2013-6735 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL. | 5.0 |
| 2013-12-22 | CVE-2013-6723 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal 8.0.0.1 IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors. | 5.0 |
| 2013-12-22 | CVE-2013-6328 | Cross-Site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. | 4.3 |
| 2013-12-22 | CVE-2013-6316 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor. | 4.3 |
| 2013-12-22 | CVE-2013-5421 | Cross-Site Scripting vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2 Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form. | 4.3 |
| 2013-12-22 | CVE-2013-4012 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1 IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | 4.9 |
| 2013-12-21 | CVE-2013-5413 | Improper Authentication vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | 4.3 |
| 2013-12-21 | CVE-2013-5411 | Improper Input Validation vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors. | 4.3 |
| 2013-12-21 | CVE-2013-5409 | SQL Injection vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |