Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-09-12 | CVE-2013-3037 | Permissions, Privileges, and Access Controls vulnerability in IBM Rational Requirements Composer | Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors. | 4.4 |
2013-09-12 | CVE-2013-3036 | Improper Input Validation vulnerability in IBM Rational Requirements Composer | Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | 4.9 |
2013-09-09 | CVE-2013-2992 | Improper Input Validation vulnerability in IBM WebSphere Commerce 7.0.0.4/7.0.0.5/7.0.0.6 | The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote attackers to cause a denial of service via a crafted query. | 4.3 |
2013-09-09 | CVE-2013-4062 | Cryptographic Issues vulnerability in IBM Rational Policy Tester | IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information, and modify the client-server data stream via a crafted certificate. | 6.8 |
2013-09-09 | CVE-2013-4061 | Improper Authentication vulnerability in IBM Rational Policy Tester | IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors. | 4.0 |
2013-09-08 | CVE-2013-0531 | Cryptographic Issues vulnerability in IBM Security AppScan | The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2013-08-28 | CVE-2013-4039 | Information Exposure vulnerability in IBM WebSphere Extended Deployment Compute Grid | IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors. | 4.0 |
2013-08-28 | CVE-2013-4033 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 and DB2 Connect | IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority. | 4.6 |
2013-08-27 | CVE-2013-0595 | Cross-Site Scripting vulnerability in IBM Lotus Domino and Lotus iNotes | Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3. | 4.3 |
2013-08-27 | CVE-2013-0566 | Cross-Site Scripting vulnerability in IBM WebSphere Commerce | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM WebSphere Commerce 5.6.1.0 through 5.6.1.5, 6.0.0.0 through 6.0.0.11, and 7.0.0.0 through 7.0.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |