Vulnerabilities > IBM > Medium

| Date | CVE | Title | Description | Attack vector | Attack complexity | Vendor tags | CWE | CVSS |
|---|---|---|---|---|---|---|---|---|
| 2012-02-10 | CVE-2012-1046 | Cross-Site Scripting vulnerability in IBM Cognos TM1 9.5.2 | Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696. | network | | ibm | CWE-79 | 4.3 |
| 2012-01-20 | CVE-2012-0193 | Improper Input Validation vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | network | low | ibm | CWE-20 | 5.0 |
| 2012-01-19 | CVE-2011-1376 | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Application Server | iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations. | local | low | ibm | CWE-264 | 4.6 |
| 2012-01-15 | CVE-2011-5065 | Cross-Site Scripting vulnerability in IBM WebSphere Application Server | Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging. | network | | ibm | CWE-79 | 4.3 |
| 2012-01-15 | CVE-2011-1362 | Cross-Site Scripting vulnerability in IBM WebSphere Application Server | Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network | | ibm | CWE-79 | 4.3 |
| 2012-01-13 | CVE-2012-0696 | Cross-Site Scripting vulnerability in IBM Cognos Executive Viewer and Cognos TM1 | Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js. | network | | ibm | CWE-79 | 4.3 |
| 2012-01-04 | CVE-2011-1386 | Permissions, Privileges, and Access Controls vulnerability in IBM products | IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature. | network | | ibm | CWE-264 | 4.3 |
| 2012-01-04 | CVE-2011-1384 | Link Following vulnerability in IBM invscout.rte | The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file. | local | high | ibm | CWE-59 | 4.0 |
| 2012-01-03 | CVE-2011-5048 | Cross-Site Scripting vulnerability in IBM Web Experience Factory 7.0/7.0.1 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh and Dojo. | network | | ibm | CWE-79 | 4.3 |
| 2011-12-15 | CVE-2011-4834 | Permissions, Privileges, and Access Controls vulnerability in HP Application Lifecycle Management 11 | The GetInstalledPackages function in the configuration tool in HP Application Lifecycle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt. | local | low | hp ibm sun | CWE-264 | 4.6 |