Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-11-16 | CVE-2009-2746 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 6.8 |
2009-10-28 | CVE-2009-3816 | Cross-Site Scripting vulnerability in IBM Lotus Connections 2.5.0.0 Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-10-22 | CVE-2009-3745 | Cross-Site Scripting vulnerability in IBM Rational Appscan 5.5.0.2 Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
2009-10-20 | CVE-2009-3730 | Cross-Site Scripting vulnerability in IBM Rational Requisitepro 7.1.0 Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp. | 4.3 |
2009-10-01 | CVE-2009-3521 | Cross-Site Scripting vulnerability in IBM Tivoli Composite Application Manager for Wesbsphere 6.1.0 Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-09-29 | CVE-2009-3472 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.0/9.1/9.5 IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors. | 6.5 |
2009-09-29 | CVE-2009-3470 | Resource Management Errors vulnerability in IBM Informix Dynamic Server IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection. | 5.0 |
2009-09-29 | CVE-2009-3469 | Cross-Site Scripting vulnerability in IBM Lotus Connections 2.0.1 Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 4.3 |
2009-09-29 | CVE-2009-3453 | Cross-Site Scripting vulnerability in IBM Lotus Quickr 8.1.0 Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template. | 4.3 |
2009-09-21 | CVE-2009-2742 | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input. | 4.3 |