Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-11-13 CVE-2013-5450 Credentials Management vulnerability in IBM Security AppScan
IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly protected URL to obtain a session token.
network
high complexity
ibm CWE-255
4.0
2013-11-13 CVE-2013-5442 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2013-11-08 CVE-2013-3986 Buffer Errors vulnerability in IBM Lotus Sametime 8.5.2/8.5.2.1
IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension crash) via a crafted Audio Visual (AV) session.
network
ibm CWE-119
4.3
2013-11-08 CVE-2013-4050 Cross-Site Request Forgery (CSRF) vulnerability in IBM Lotus Domino 8.5.0/9.0.0.0
Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
network
ibm CWE-352
6.0
2013-11-06 CVE-2013-5387 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Platform Symphony 5.2/6.1/6.1.1
Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request data.
network
ibm CWE-119
4.3
2013-11-01 CVE-2013-5431 Improper Input Validation vulnerability in IBM products
Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
ibm CWE-20
5.8
2013-10-28 CVE-2013-5430 Credentials Management vulnerability in IBM Security AppScan
The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access to this component by leveraging this credential information in an environment with applicable component installation details.
network
low complexity
ibm CWE-255
5.5
2013-10-25 CVE-2013-5424 Permissions, Privileges, and Access Controls vulnerability in IBM Flex System Manager 1.3.0
IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account.
network
ibm CWE-264
6.8
2013-10-22 CVE-2013-5389 Cross-Site Scripting vulnerability in IBM Lotus Domino 8.5.3.0/9.0.0.0
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X.
network
ibm CWE-79
4.3
2013-10-22 CVE-2013-5388 Cross-Site Scripting vulnerability in IBM Lotus Domino 8.5.3.0/9.0.0.0
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F.
network
ibm CWE-79
4.3