Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-04-24 | CVE-2013-0565 | Cross-Site Scripting vulnerability in IBM WebSphere Application Server 8.5.0.0/8.5.0.1 | Cross-site scripting (XSS) vulnerability in the RPC adapter for the Web 2.0 and Mobile toolkit in IBM WebSphere Application Server (WAS) 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted response. | 4.3 |
2013-04-24 | CVE-2013-0542 | Cross-Site Scripting vulnerability in IBM WebSphere Application Server | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values. | 4.3 |
2013-04-23 | CVE-2013-0584 | Information Exposure vulnerability in IBM InfoSphere Replication Server | The Data Replication Dashboard component in IBM InfoSphere Replication Server 9.7 and 10.x before 10.2.0.0-b113 allows remote attackers to obtain a list of all user accounts, along with information about whether each account requires a password, via unspecified vectors. | 5.0 |
2013-04-23 | CVE-2013-0503 | Cross-Site Scripting vulnerability in IBM Lotus Connections | Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-04-23 | CVE-2012-5950 | Cross-Site Request Forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp. | 6.8 |
2013-04-23 | CVE-2012-5949 | Cross-Site Scripting vulnerability in IBM TRIRIGA Application Platform | Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp. | 4.3 |
2013-04-23 | CVE-2012-5948 | Cross-Site Scripting vulnerability in IBM TRIRIGA Application Platform | Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) WebProcess.srv, (2) the html/en/default/ directory, (3) Widget/resource, (4) birt/frameset, or (5) ganttlib/gantt-jws.jnlp. | 4.3 |
2013-04-16 | CVE-2012-4829 | Cryptographic Issues vulnerability in IBM XIV Storage System Gen3 | IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 certificate for authentication, which allows man-in-the-middle attackers to spoof servers by leveraging an inappropriate certificate-trust relationship. | 4.3 |
2013-04-05 | CVE-2013-0483 | Cryptographic Issues vulnerability in IBM IMS Enterprise Suite 1.1/2.1/2.2 | The login component in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 uses cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2013-04-05 | CVE-2013-0470 | Configuration vulnerability in IBM Netezza Performance Portal 1.0.2 | HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by listing image files. | 4.0 |