Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-08-09 CVE-2013-3032 Cross-Site Scripting vulnerability in IBM Lotus Domino
Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA.
network
ibm CWE-79
4.3
2013-08-06 CVE-2013-3996 Improper Input Validation vulnerability in IBM InfoSphere BigInsights
IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site.
network
ibm CWE-20
4.9
2013-08-06 CVE-2013-3992 Cross-Site Request Forgery (CSRF) vulnerability in IBM InfoSphere BigInsights 2.0.0.0/2.1.0.0
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere BigInsights 2.0 through 2.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
network
ibm CWE-352
6.0
2013-08-01 CVE-2013-2994 Improper Input Validation vulnerability in IBM WebSphere Commerce 7.0
IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors.
network
low complexity
ibm CWE-20
6.4
2013-08-01 CVE-2013-2993 Improper Authentication vulnerability in IBM WebSphere Commerce
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.
network
ibm CWE-287
5.8
2013-07-29 CVE-2013-3033 SQL Injection vulnerability in IBM Tivoli Remote Control 5.1.2
SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5
2013-07-25 CVE-2013-3999 Cross-Site Scripting vulnerability in IBM Social Media Analytics 1.2.0.0
Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2013-07-19 CVE-2013-0559 Authentication Bypass vulnerability in IBM API Management 2.0.0.0
Unspecified vulnerability in IBM API Management 2.0 before 2.0.0.1 allows remote attackers to access tenant APIs, and consequently obtain sensitive information or modify data, via unknown vectors.
network
low complexity
ibm
6.4
2013-07-03 CVE-2013-3020 Information Exposure vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.
network
low complexity
ibm CWE-200
4.0
2013-07-03 CVE-2013-2987 Information Exposure vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-3020, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.
network
low complexity
ibm CWE-200
4.0