Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK

2013-12-19 CVE-2013-6717 Remote Denial of Service vulnerability in IBM Db2, DB2 Connect and DB2 Purescale Feature 9.8
The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors.
network
low complexity
ibm
4.0

2013-12-19 CVE-2013-5462 Improper Input Validation vulnerability in IBM Content Navigator 2.0.0/2.0.1/2.0.2
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements.
network
ibm CWE-20
4.3

2013-12-19 CVE-2013-5426 Improper Authentication vulnerability in IBM products
Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors.
4.9

2013-12-19 CVE-2013-5422 Information Exposure vulnerability in IBM Rational Clearcase
The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors.
network
ibm CWE-200
4.3

2013-12-18 CVE-2013-5466 Remote Denial of Service vulnerability in IBM Db2, DB2 Connect and DB2 Purescale Feature 9.8
The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors.
network
low complexity
ibm
4.0

2013-12-17 CVE-2013-6733 Cross-Site Scripting vulnerability in IBM Sametime
Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3

2013-12-17 CVE-2013-6327 Cross-Site Scripting vulnerability in IBM Sterling Connect Enterprise Http Option 1.3.02/1.4.00
Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross-frame scripting" issue.
network
ibm CWE-79
4.3

2013-12-14 CVE-2013-5438 Cross-Site Scripting vulnerability in IBM Flex System Manager 1.1.0/1.3.0
Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3

2013-12-14 CVE-2013-4001 Improper Authentication vulnerability in IBM Cognos Command Center 10.0/10.1
Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie.
network
ibm CWE-287
4.3

2013-12-14 CVE-2013-4000 Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Command Center 10.0/10.1
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start or (2) stop services.
network
ibm CWE-352
6.8