Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2012-08-30 CVE-2012-3325 Improper Input Validation vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors.
network
ibm CWE-20
6.0
2012-08-29 CVE-2012-3312 Cryptographic Issues vulnerability in IBM InfoSphere Guardium
The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
ibm CWE-310
5.0
2012-08-29 CVE-2012-3309 Cross-Site Request Forgery (CSRF) vulnerability in IBM InfoSphere Guardium
Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
network
ibm CWE-352
6.8
2012-08-29 CVE-2012-3295 Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere MQ 7.1
IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors.
network
ibm CWE-264
4.3
2012-08-21 CVE-2012-3302 Cross-Site Scripting vulnerability in IBM Lotus Domino
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server.
network
ibm CWE-79
4.3
2012-08-21 CVE-2012-3301 Improper Input Validation vulnerability in IBM Lotus Domino
Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers.
network
ibm CWE-20
4.3
2012-08-21 CVE-2012-3293 Cross-Site Scripting vulnerability in IBM WebSphere Application Server
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue.
network
ibm CWE-79
4.3
2012-08-21 CVE-2012-2190 Cryptographic Issues vulnerability in IBM WebSphere Application Server
IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol.
network
low complexity
ibm CWE-310
5.0
2012-08-17 CVE-2012-3296 Cross-Site Scripting vulnerability in IBM Power Hardware Management Console 7R7.1.0/7R7.2.0/7R7.3.0
Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2012-08-17 CVE-2012-2168 Information Exposure vulnerability in IBM Rational ClearQuest
IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter.
network
low complexity
ibm CWE-200
4.0