Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-12-21 | CVE-2012-5954 | Unspecified vulnerability in IBM Tivoli Storage Manager FOR Space Management Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows remote attackers to read or modify HSM-managed file system objects via unknown vectors. | 6.4 |
| 2012-12-20 | CVE-2012-5765 | Information Exposure vulnerability in IBM Rational Clearquest The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message. | 5.0 |
| 2012-12-20 | CVE-2012-4839 | Unspecified vulnerability in IBM Rational Clearquest The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element. network ibm | 4.3 |
| 2012-12-19 | CVE-2012-4846 | Information Exposure vulnerability in IBM Lotus Notes IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68. | 4.3 |
| 2012-12-08 | CVE-2012-3297 | Cross-Site Scripting vulnerability in IBM Tivoli Monitoring 6.2.2/6.2.3 Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. | 4.3 |
| 2012-12-05 | CVE-2012-3317 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Message Broker IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300. | 6.9 |
| 2012-11-30 | CVE-2012-4834 | Path Traversal vulnerability in IBM Websphere Portal 7.0.0.1/7.0.0.2/8.0.0.0 Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI. | 5.0 |
| 2012-11-29 | CVE-2012-4841 | Resource Management Errors vulnerability in IBM Tivoli Endpoint Manager 8.2 Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote attackers to cause a denial of service (resource consumption) via unknown vectors. | 5.0 |
| 2012-11-23 | CVE-2012-5756 | Cryptographic Issues vulnerability in IBM Websphere Datapower Xc10 Appliance The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation. | 4.3 |
| 2012-11-14 | CVE-2012-4853 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure. | 6.8 |