DATE CVE VULNERABILITY TITLE RISK
2013-09-16 CVE-2013-4047 Cross-Site Scripting vulnerability in IBM SPSS Analytical Decision Management 6.1.0.0/6.2.0.0/7.0.0.0
Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote attackers to inject arbitrary web script or HTML via a crafted link.
network
ibm CWE-79
4.3
2013-09-12 CVE-2013-3039 Improper Authentication vulnerability in IBM Rational Requirements Composer
IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors.
5.4
2013-09-12 CVE-2013-3038 Credentials Management vulnerability in IBM Rational Requirements Composer
Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors.
5.4
2013-09-12 CVE-2013-3037 Permissions, Privileges, and Access Controls vulnerability in IBM Rational Requirements Composer
Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors.
local
ibm CWE-264
4.4
2013-09-12 CVE-2013-3036 Improper Input Validation vulnerability in IBM Rational Requirements Composer
Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
network
ibm CWE-20
4.9
2013-09-09 CVE-2013-2992 Improper Input Validation vulnerability in IBM WebSphere Commerce 7.0.0.4/7.0.0.5/7.0.0.6
The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote attackers to cause a denial of service via a crafted query.
network
ibm CWE-20
4.3
2013-09-09 CVE-2013-4062 Cryptographic Issues vulnerability in IBM Rational Policy Tester
IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information, and modify the client-server data stream via a crafted certificate.
network
ibm CWE-310
6.8
2013-09-09 CVE-2013-4061 Improper Authentication vulnerability in IBM Rational Policy Tester
IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors.
network
low complexity
ibm CWE-287
4.0
2013-09-08 CVE-2013-0531 Cryptographic Issues vulnerability in IBM Security AppScan
The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
ibm CWE-310
5.0
2013-08-28 CVE-2013-4039 Information Exposure vulnerability in IBM WebSphere Extended Deployment Compute Grid
IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors.
network
low complexity
ibm CWE-200
4.0