Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-10-19 | CVE-2013-5372 | Resource Management Errors vulnerability in IBM WebSphere Message Broker: The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities. | 4.3 |
2013-10-17 | CVE-2013-5376 | Cross-Site Scripting vulnerability in IBM products: Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user. | 4.3 |
2013-10-17 | CVE-2013-3025 | Cross-Site Scripting vulnerability in IBM Rational Focal Point: Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-10-17 | CVE-2013-0500 | Improper Input Validation vulnerability in IBM products: IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation. | 5.4 |
2013-10-16 | CVE-2013-5394 | Improper Input Validation vulnerability in IBM WebSphere eXtreme Scale: The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors. | 4.9 |
2013-10-13 | CVE-2013-4056 | Cross-Site Request Forgery (CSRF) vulnerability in IBM InfoSphere Information Server: Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2013-10-10 | CVE-2013-0580 | Cross-Site Request Forgery (CSRF) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite: Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the authentication of arbitrary users. | 4.9 |
2013-10-10 | CVE-2013-0579 | Permissions, Privileges, and Access Controls vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite: The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote attackers to impersonate arbitrary users by leveraging access to a legitimate user's web browser either (1) before or (2) after authentication. | 4.3 |
2013-10-10 | CVE-2013-0577 | Permissions, Privileges, and Access Controls vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite: The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to bypass intended access restrictions and create, modify, or delete documents or scripts via unspecified vectors. | 5.2 |
2013-10-04 | CVE-2013-5419 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM AIX 6.1/7.1: Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership. | 6.9 |