Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-03-05 CVE-2012-4837 Information Exposure vulnerability in IBM Cognos Business Intelligence
IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.
network
low complexity
ibm CWE-200
4.0
2013-03-05 CVE-2012-4835 Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence
Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2013-03-05 CVE-2012-2193 Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence
Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2013-03-05 CVE-2012-2177 Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence
Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors related to the search feature.
network
ibm CWE-79
4.3
2013-02-27 CVE-2012-4844 Cross-Site Scripting vulnerability in IBM Lotus Domino
Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2013-02-27 CVE-2012-4842 Resource Management Errors vulnerability in IBM Lotus Domino
Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
ibm CWE-399
5.8
2013-02-27 CVE-2012-5767 Security Bypass vulnerability in IBM TS3500 Tape Library and TS3500 Tape Library Firmware
Unspecified vulnerability in the web interface on the IBM TS3500 Tape Library with firmware before C260 allows remote authenticated users to gain privileges via unspecified vectors.
network
low complexity
ibm
6.5
2013-02-22 CVE-2013-0465 Security vulnerability in IBM WebSphere Cast Iron Cloud Integration
Unspecified vulnerability in the IBM WebSphere Cast Iron physical and virtual appliance 6.0 and 6.1 before 6.1.0.15 and 6.3 before 6.3.0.1, when LDAP authentication is enabled, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
ibm
5.4
2013-02-21 CVE-2013-0472 Unauthorized Access vulnerability in IBM Tivoli Storage Manager Client
The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors.
network
high complexity
ibm
5.1
2013-02-21 CVE-2013-0471 Denial of Service vulnerability in IBM Tivoli Storage Manager
The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 6.2.5.0, 6.3 before 6.3.1.0, and 6.4 before 6.4.0.1, when Prompted mode is enabled, allows remote attackers to cause a denial of service (scheduling outage) via unspecified vectors.
network
ibm
4.3