Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-12-19 | CVE-2013-5422 | Information Exposure vulnerability in IBM Rational Clearcase | The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors. | 4.3 |
2013-12-18 | CVE-2013-5466 | Remote Denial of Service vulnerability in IBM Db2, DB2 Connect and DB2 Purescale Feature 9.8 | The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors. | 4.0 |
2013-12-17 | CVE-2013-6733 | Cross-Site Scripting vulnerability in IBM Sametime | Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-12-17 | CVE-2013-6327 | Cross-Site Scripting vulnerability in IBM Sterling Connect Enterprise Http Option 1.3.02/1.4.00 | Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross-frame scripting" issue. | 4.3 |
2013-12-14 | CVE-2013-5438 | Cross-Site Scripting vulnerability in IBM Flex System Manager 1.1.0/1.3.0 | Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-12-14 | CVE-2013-4001 | Improper Authentication vulnerability in IBM Cognos Command Center 10.0/10.1 | Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. | 4.3 |
2013-12-14 | CVE-2013-4000 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Command Center 10.0/10.1 | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start or (2) stop services. | 6.8 |
2013-12-10 | CVE-2013-5447 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Forms Viewer | Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value. | 6.8 |
2013-12-07 | CVE-2013-5455 | Permissions, Privileges, and Access Controls vulnerability in IBM Smartcloud Provisioning 2.1.0 | IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems[#].delete command. | 4.9 |
2013-12-04 | CVE-2013-5449 | Cross-Site Scripting vulnerability in IBM Filenet Content Manager | Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |