Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-12-10 | CVE-2013-5447 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Forms Viewer Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value. | 6.8 |
| 2013-12-07 | CVE-2013-5455 | Permissions, Privileges, and Access Controls vulnerability in IBM Smartcloud Provisioning 2.1.0 IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems[#].delete command. | 4.9 |
| 2013-12-04 | CVE-2013-5449 | Cross-Site Scripting vulnerability in IBM Filenet Content Manager Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-12-01 | CVE-2013-6718 | Cryptographic Issues vulnerability in IBM Advanced Management Module Firmware 3.64 The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface. | 6.4 |
| 2013-11-29 | CVE-2013-5463 | Permissions, Privileges, and Access Controls vulnerability in IBM Qradar Security Information and Event Manager 7.0.0/7.0.1/7.1.0 The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file. | 4.3 |
| 2013-11-24 | CVE-2013-5375 | Security Bypass vulnerability in IBM Java Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL. network ibm | 6.8 |
| 2013-11-24 | CVE-2013-4041 | Security Bypass vulnerability in IBM Java Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors. network ibm | 6.8 |
| 2013-11-22 | CVE-2013-6312 | Unspecified vulnerability in IBM products Unspecified vulnerability in IBM Rational Service Tester 8.3.x and 8.5.x before 8.5.1 and Rational Performance Tester 8.3.x and 8.5.x before 8.5.1 allows remote attackers to read arbitrary files via unknown vectors. | 5.0 |
| 2013-11-18 | CVE-2013-5417 | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via HTTP response data. | 4.3 |
| 2013-11-18 | CVE-2013-4006 | Cryptographic Issues vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations. | 4.3 |