Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-02-21 CVE-2013-0477 Cross-Site Scripting vulnerability in IBM products
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allow remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors.
network
ibm CWE-79
6.0
2013-02-21 CVE-2013-0467 Permissions, Privileges, and Access Controls vulnerability in IBM Data Studio 3.1.0/3.1.1
IBM Eclipse Help System (IEHS), as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL.
network
low complexity
ibm CWE-264
4.0
2013-02-20 CVE-2012-6357 Permissions, Privileges, and Access Controls vulnerability in IBM products
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.
network
low complexity
ibm CWE-264
6.5
2013-02-20 CVE-2012-6356 Permissions, Privileges, and Access Controls vulnerability in IBM products
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation.
network
low complexity
ibm CWE-264
6.5
2013-02-20 CVE-2012-6355 Permissions, Privileges, and Access Controls vulnerability in IBM products
IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order.
network
low complexity
ibm CWE-264
6.5
2013-02-20 CVE-2012-5953 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM WebSphere Message Broker
IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when the Parse Query Strings option is enabled on an HTTPInput node, allows remote attackers to cause a denial of service (infinite loop) via a crafted query string.
network
ibm CWE-119
4.3
2013-02-20 CVE-2012-5952 Improper Authentication vulnerability in IBM WebSphere Message Broker
IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors.
network
low complexity
ibm CWE-287
5.0
2013-02-20 CVE-2012-5940 Improper Authentication vulnerability in IBM Netezza 6.0.5/6.0.8/7.0
The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, allows remote attackers to discover credentials by sniffing the network during the authentication process.
network
ibm CWE-287
4.3
2013-02-20 CVE-2012-5763 Cross-Site Request Forgery (CSRF) vulnerability in IBM Netezza 6.0.5/6.0.8/7.0
Cross-site request forgery (CSRF) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network
ibm CWE-352
6.8
2013-02-20 CVE-2012-5760 SQL Injection vulnerability in IBM Netezza 6.0.5/6.0.8/7.0
SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5