Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-12-21 | CVE-2013-5407 | Improper Input Validation vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway | IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue. | 4.9 |
2013-12-21 | CVE-2013-4070 | Information Exposure vulnerability in IBM SPSS Collaboration and Deployment Services | The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to discover an internal password via unspecified vectors. | 5.0 |
2013-12-21 | CVE-2013-4069 | Information Exposure vulnerability in IBM SPSS Collaboration and Deployment Services | The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |
2013-12-21 | CVE-2013-4063 | Cross-Site Scripting vulnerability in IBM Lotus Domino and Lotus iNotes | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP. | 4.3 |
2013-12-21 | CVE-2013-4046 | Improper Input Validation vulnerability in IBM SPSS Collaboration and Deployment Services | Open redirect vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
2013-12-21 | CVE-2013-4045 | Cross-Site Scripting vulnerability in IBM SPSS Collaboration and Deployment Services | Cross-site scripting (XSS) vulnerability in the Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-12-21 | CVE-2013-4044 | Information Exposure vulnerability in IBM SPSS Collaboration and Deployment Services | IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote authenticated users to read application log files via a direct HTTP request. | 4.0 |
2013-12-19 | CVE-2013-6717 | Remote Denial of Service vulnerability in IBM DB2, DB2 Connect and DB2 pureScale Feature 9.8 | The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors. | 4.0 |
2013-12-19 | CVE-2013-5462 | Improper Input Validation vulnerability in IBM Content Navigator 2.0.0/2.0.1/2.0.2 | IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements. | 4.3 |
2013-12-19 | CVE-2013-5426 | Improper Authentication vulnerability in IBM products | Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors. | 4.9 |