Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-03-08 | CVE-2011-1311 | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Application Server: The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service. | 6.0 |
2011-03-08 | CVE-2011-1308 | Cross-Site Scripting vulnerability in IBM WebSphere Application Server: Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-03-01 | CVE-2011-1106 | Cross-Site Scripting vulnerability in IBM Lotus Sametime 8.0/8.0.1: Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an OpenDatabase action. | 4.3 |
2011-02-22 | CVE-2011-1038 | Cross-Site Scripting vulnerability in IBM Lotus Sametime 8.0.1: Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString parameter in a WebMessage action or (2) the PATH_INFO. | 4.3 |
2011-02-21 | CVE-2011-1046 | Permissions, Privileges, and Access Controls vulnerability in IBM products: IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors. | 5.0 |
2011-02-21 | CVE-2011-1045 | Security Bypass vulnerability in IBM products: Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors. | 6.8 |
2011-02-16 | CVE-2011-1034 | Cross-Site Scripting vulnerability in IBM Rational Build Forge 7.0.2: Cross-site scripting (XSS) vulnerability in the UI in IBM Rational Build Forge 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter to the fullcontrol program. | 4.3 |
2011-02-15 | CVE-2011-1032 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Connections 3.0: IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. | 6.8 |
2011-02-15 | CVE-2008-7274 | Improper Input Validation vulnerability in IBM WebSphere Application Server 6.1.0.9: IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password. | 4.3 |
2011-02-14 | CVE-2011-1030 | Cross-Site Scripting vulnerability in IBM Lotus Connections 3.0: Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene." | 4.3 |