Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2012-08-30 | CVE-2012-3325 | Improper Input Validation vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors. | 6.0 |
2012-08-29 | CVE-2012-3312 | Cryptographic Issues vulnerability in IBM InfoSphere Guardium | The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2012-08-29 | CVE-2012-3309 | Cross-Site Request Forgery (CSRF) vulnerability in IBM InfoSphere Guardium | Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | 6.8 |
2012-08-29 | CVE-2012-3295 | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere MQ 7.1 | IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors. | 4.3 |
2012-08-21 | CVE-2012-3302 | Cross-Site Scripting vulnerability in IBM Lotus Domino | Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server. | 4.3 |
2012-08-21 | CVE-2012-3301 | Improper Input Validation vulnerability in IBM Lotus Domino | Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers. | 4.3 |
2012-08-21 | CVE-2012-3293 | Cross-Site Scripting vulnerability in IBM WebSphere Application Server | Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue. | 4.3 |
2012-08-21 | CVE-2012-2190 | Cryptographic Issues vulnerability in IBM WebSphere Application Server | IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol. | 5.0 |
2012-08-17 | CVE-2012-3296 | Cross-Site Scripting vulnerability in IBM Power Hardware Management Console 7R7.1.0/7R7.2.0/7R7.3.0 | Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-08-17 | CVE-2012-2168 | Information Exposure vulnerability in IBM Rational ClearQuest | IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter. | 4.0 |