Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-08-09 | CVE-2013-4037 | Authentication Bypass vulnerability in Intelligent Platform Management Interface | The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack. | 4.3 |
2013-08-09 | CVE-2013-0494 | Resource Management Errors vulnerability in IBM Sterling B2B Integrator 5.0/5.1 | IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted HTTP (1) Range or (2) Request-Range header. | 5.0 |
2013-08-09 | CVE-2013-3990 | Cross-Site Scripting vulnerability in IBM Lotus Domino | Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN98FLQ2. | 4.3 |
2013-08-09 | CVE-2013-3032 | Cross-Site Scripting vulnerability in IBM Lotus Domino | Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA. | 4.3 |
2013-08-06 | CVE-2013-3996 | Improper Input Validation vulnerability in IBM InfoSphere BigInsights | IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site. | 4.9 |
2013-08-06 | CVE-2013-3992 | Cross-Site Request Forgery (CSRF) vulnerability in IBM InfoSphere BigInsights 2.0.0.0/2.1.0.0 | Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere BigInsights 2.0 through 2.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 6.0 |
2013-08-01 | CVE-2013-2994 | Improper Input Validation vulnerability in IBM WebSphere Commerce 7.0 | IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors. | 6.4 |
2013-08-01 | CVE-2013-2993 | Improper Authentication vulnerability in IBM WebSphere Commerce | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors. | 5.8 |
2013-07-29 | CVE-2013-3033 | SQL Injection vulnerability in IBM Tivoli Remote Control 5.1.2 | SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2013-07-25 | CVE-2013-3999 | Cross-Site Scripting vulnerability in IBM Social Media Analytics 1.2.0.0 | Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |