Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-10-25 CVE-2013-5424 Permissions, Privileges, and Access Controls vulnerability in IBM Flex System Manager 1.3.0
IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account.
network
ibm CWE-264
6.8
2013-10-22 CVE-2013-5389 Cross-Site Scripting vulnerability in IBM Lotus Domino 8.5.3.0/9.0.0.0
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X.
network
ibm CWE-79
4.3
2013-10-22 CVE-2013-5388 Cross-Site Scripting vulnerability in IBM Lotus Domino 8.5.3.0/9.0.0.0
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F.
network
ibm CWE-79
4.3
2013-10-19 CVE-2013-5372 Resource Management Errors vulnerability in IBM WebSphere Message Broker
The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.
network
ibm CWE-399
4.3
2013-10-17 CVE-2013-5376 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user.
network
ibm CWE-79
4.3
2013-10-17 CVE-2013-3025 Cross-Site Scripting vulnerability in IBM Rational Focal Point
Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2013-10-17 CVE-2013-0500 Improper Input Validation vulnerability in IBM products
IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation.
network
ibm CWE-20
5.4
2013-10-16 CVE-2013-5394 Improper Input Validation vulnerability in IBM WebSphere eXtreme Scale
The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors.
network
ibm CWE-20
4.9
2013-10-13 CVE-2013-4056 Cross-Site Request Forgery (CSRF) vulnerability in IBM InfoSphere Information Server
Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.
network
ibm CWE-352
6.8
2013-10-10 CVE-2013-0580 Cross-Site Request Forgery (CSRF) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite
Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the authentication of arbitrary users.
4.9