Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-04-01 | CVE-2013-0502 | Cross-Site Scripting vulnerability in IBM Infosphere Information Server Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. | 4.3 |
| 2013-04-01 | CVE-2012-4861 | Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Replication Server The web server in InfoSphere Data Replication Dashboard in IBM InfoSphere Replication Server 9.7 and 10.1 through 10.1.0.4 allows remote authenticated users to list directories via a direct request for a directory URL. | 4.0 |
| 2013-03-29 | CVE-2013-0532 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Rational Policy Tester and Security Appscan Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP data. | 6.8 |
| 2013-03-29 | CVE-2013-0512 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Rational Policy Tester and Security Appscan Stack-based buffer overflow in the Manual Explore browser plug-in for Firefox in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to cause a denial of service (plug-in crash) via a crafted web page. | 4.3 |
| 2013-03-29 | CVE-2013-0511 | SQL Injection vulnerability in IBM Security Appscan Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters. | 6.5 |
| 2013-03-29 | CVE-2013-0510 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Appscan IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test account by capturing these cookies. | 4.3 |
| 2013-03-29 | CVE-2013-0474 | Information Exposure vulnerability in IBM Rational Policy Tester and Security Appscan The Manual Explore browser plug-in in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to discover test Platform Authentication credentials via a crafted web site. | 4.3 |
| 2013-03-29 | CVE-2013-0473 | Cross-Site Scripting vulnerability in IBM Rational Policy Tester and Security Appscan Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to inject arbitrary web script or HTML via a crafted report. | 4.3 |
| 2013-03-29 | CVE-2013-0452 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Software USE Analysis and Tivoli Endpoint Manager Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages. | 6.8 |
| 2013-03-27 | CVE-2013-0489 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Lotus Domino Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators. | 6.0 |