Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-06-21 | CVE-2013-2960 | Buffer Errors vulnerability in IBM products Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to cause a denial of service (segmentation fault) via a crafted http URL. | 5.0 |
| 2013-06-21 | CVE-2013-0551 | Improper Input Validation vulnerability in IBM products The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to cause a denial of service (abend) via a crafted URL. | 5.0 |
| 2013-06-21 | CVE-2013-0548 | Cross-Site Scripting vulnerability in IBM products Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-06-21 | CVE-2013-0529 | Permissions, Privileges, and Access Controls vulnerability in IBM Sterling Connect Direct User Interface The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 5.0 |
| 2013-06-19 | CVE-2013-2968 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Sterling Control Center An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters. | 6.3 |
| 2013-06-19 | CVE-2013-0484 | Denial of Service vulnerability in IBM Cognos TM1 10.1.0/10.1.0.1/10.1.1 The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data. network ibm | 4.3 |
| 2013-06-17 | CVE-2013-2981 | Path Traversal vulnerability in IBM Data Studio 3.1.0/3.1.1 Directory traversal vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2013-06-17 | CVE-2013-2980 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Data Studio 3.1.0/3.1.1 Cross-site request forgery (CSRF) vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to hijack the authentication of arbitrary users for requests that access monitored database information. | 6.8 |
| 2013-06-03 | CVE-2013-2970 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager 7.0.0/7.0.1/7.1.0 Unspecified vulnerability in IBM QRadar Security Information and Event Manager (SIEM) 7.x before 7.1 MR2 Patch 1 allows remote authenticated users to execute operating-system commands via unknown vectors. | 6.5 |
| 2013-06-03 | CVE-2013-0464 | Cross-Site Scripting vulnerability in IBM Eclipse Help System and Spss Data Collection Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |