Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-11-16 CVE-2009-2746 Cross-Site Request Forgery (CSRF) vulnerability in IBM WebSphere Application Server
Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
ibm CWE-352
6.8
2009-10-28 CVE-2009-3816 Cross-Site Scripting vulnerability in IBM Lotus Connections 2.5.0.0
Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2009-10-22 CVE-2009-3745 Cross-Site Scripting vulnerability in IBM Rational AppScan 5.5.0.2
Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string.
network
ibm CWE-79
4.3
2009-10-20 CVE-2009-3730 Cross-Site Scripting vulnerability in IBM Rational RequisitePro 7.1.0
Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.
network
ibm CWE-79
4.3
2009-10-01 CVE-2009-3521 Cross-Site Scripting vulnerability in IBM Tivoli Composite Application Manager for WebSphere 6.1.0
Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2009-09-29 CVE-2009-3472 Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.0/9.1/9.5
IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors.
network
low complexity
ibm CWE-264
6.5
2009-09-29 CVE-2009-3470 Resource Management Errors vulnerability in IBM Informix Dynamic Server
IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection.
network
low complexity
ibm CWE-399
5.0
2009-09-29 CVE-2009-3469 Cross-Site Scripting vulnerability in IBM Lotus Connections 2.0.1
Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
network
ibm CWE-79
4.3
2009-09-29 CVE-2009-3453 Cross-Site Scripting vulnerability in IBM Lotus Quickr 8.1.0
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template.
network
ibm CWE-79
4.3
2009-09-21 CVE-2009-2742 Cross-Site Scripting vulnerability in IBM WebSphere Application Server
Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input.
network
ibm CWE-79
4.3