Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-02-21 | CVE-2013-0477 | Cross-Site Scripting vulnerability in IBM products Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allow remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors. | 6.0 |
| 2013-02-21 | CVE-2013-0467 | Permissions, Privileges, and Access Controls vulnerability in IBM Data Studio 3.1.0/3.1.1 IBM Eclipse Help System (IEHS), as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL. | 4.0 |
| 2013-02-20 | CVE-2012-6357 | Permissions, Privileges, and Access Controls vulnerability in IBM products IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors. | 6.5 |
| 2013-02-20 | CVE-2012-6356 | Permissions, Privileges, and Access Controls vulnerability in IBM products IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation. | 6.5 |
| 2013-02-20 | CVE-2012-6355 | Permissions, Privileges, and Access Controls vulnerability in IBM products IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order. | 6.5 |
| 2013-02-20 | CVE-2012-5953 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere Message Broker IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when the Parse Query Strings option is enabled on an HTTPInput node, allows remote attackers to cause a denial of service (infinite loop) via a crafted query string. | 4.3 |
| 2013-02-20 | CVE-2012-5952 | Improper Authentication vulnerability in IBM Websphere Message Broker IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors. | 5.0 |
| 2013-02-20 | CVE-2012-5940 | Improper Authentication vulnerability in IBM Netezza 6.0.5/6.0.8/7.0 The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, allows remote attackers to discover credentials by sniffing the network during the authentication process. | 4.3 |
| 2013-02-20 | CVE-2012-5763 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Netezza 6.0.5/6.0.8/7.0 Cross-site request forgery (CSRF) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
| 2013-02-20 | CVE-2012-5760 | SQL Injection vulnerability in IBM Netezza 6.0.5/6.0.8/7.0 SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |