Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-06-20 | CVE-2012-2159 | Improper Input Validation vulnerability in IBM Security Appscan Source and Spss Data Collection Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
| 2012-06-20 | CVE-2012-0720 | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
| 2012-06-20 | CVE-2012-0716 | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-05-03 | CVE-2012-0733 | Permissions, Privileges, and Access Controls vulnerability in IBM Rational Appscan IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account. | 6.0 |
| 2012-05-03 | CVE-2012-0732 | Cryptographic Issues vulnerability in IBM Rational Appscan The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
| 2012-05-03 | CVE-2012-0731 | Information Exposure vulnerability in IBM Rational Appscan IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors. | 6.8 |
| 2012-05-03 | CVE-2012-0730 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Rational Appscan Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | 6.0 |
| 2012-05-03 | CVE-2012-0729 | Multiple Security vulnerability in IBM Rational Products Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors. network ibm | 6.0 |
| 2012-05-01 | CVE-2012-2162 | Cryptographic Issues vulnerability in IBM Websphere Application Server The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. | 6.8 |
| 2012-04-22 | CVE-2012-0743 | Resource Management Errors vulnerability in IBM Tivoli Directory Server IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. | 5.0 |