Vulnerabilities > IBM > Tivoli Endpoint Manager > 8.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-02-16 | CVE-2014-6137 | Cross-site Scripting vulnerability in IBM Tivoli Endpoint Manager Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2015-02-16 | CVE-2014-6113 | Cross-site Scripting vulnerability in IBM Tivoli Endpoint Manager Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-03-21 | CVE-2013-0453 | Cross-Site Scripting vulnerability in IBM Tivoli Endpoint Manager 8.0/8.1/8.2 Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
| 2012-03-22 | CVE-2012-1837 | Information Exposure vulnerability in IBM Tivoli Endpoint Manager 8.0/8.1 The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 5.0 |
| 2012-03-22 | CVE-2012-0719 | Cross-Site Scripting vulnerability in IBM Tivoli Endpoint Manager 8.0/8.1/8.2 Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program. | 4.3 |