CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-0920 255 +Info 2014-04-10 2014-04-11
4.0
None Remote Low Single system Partial None None
IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
2 CVE-2014-0908 264 +Info 2014-04-10 2014-04-11
6.0
None Remote Medium Single system Partial Partial Partial
The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls.
3 CVE-2014-0904 20 Exec Code 2014-03-26 2014-03-26
7.6
None Remote High Not required Complete Complete Complete
The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file.
4 CVE-2014-0901 79 XSS 2014-04-01 2014-04-02
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
5 CVE-2014-0899 264 Bypass 2014-03-11 2014-03-11
6.5
None Remote Low Single system Partial Partial Partial
ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.
6 CVE-2014-0895 119 Exec Code Overflow 2014-03-16 2014-03-17
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 3.0.1-IM-S3SAMPC-WIN32-FP001-IF02 allows remote attackers to execute arbitrary code via a crafted ComboList property value.
7 CVE-2014-0890 255 +Info 2014-03-06 2014-03-07
1.9
None Local Medium Not required Partial None None
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file.
8 CVE-2014-0887 78 Exec Code 2014-03-25 2014-03-26
7.1
None Remote High Single system Complete Complete Complete
The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.
9 CVE-2014-0886 78 Exec Code Bypass 2014-03-25 2014-03-26
7.1
None Remote High Single system Complete Complete Complete
The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors.
10 CVE-2014-0885 352 CSRF 2014-03-25 2014-03-26
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
11 CVE-2014-0884 79 XSS 2014-03-25 2014-03-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
12 CVE-2014-0880 DoS 2014-03-28 2014-03-31
7.5
None Remote Low Not required Partial Partial Partial
IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to the administrative IP address.
13 CVE-2014-0879 119 Exec Code Overflow 2014-03-21 2014-03-24
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Taskmaster Capture ActiveX control in IBM Datacap Taskmaster Capture 8.0.1, and 8.1 before FP2, allows remote attackers to execute arbitrary code via unspecified vectors.
14 CVE-2014-0874 79 XSS 2014-02-28 2014-02-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter.
15 CVE-2014-0873 352 CSRF 2014-03-16 2014-03-27
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before 10.0.0.0.26, and 10.1 before 10.1.0.0.15 allow remote attackers to hijack the authentication of arbitrary users.
16 CVE-2014-0862 Exec Code 2014-03-01 2014-03-03
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors.
17 CVE-2014-0861 79 XSS 2014-02-22 2014-03-05
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is not properly handled during use of the Back button.
18 CVE-2014-0858 264 Bypass 2014-02-27 2014-02-28
3.5
None Remote Medium Single system None Partial None
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL.
19 CVE-2014-0855 79 XSS 2014-02-14 2014-02-14
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
20 CVE-2014-0854 264 2014-02-22 2014-03-05
5.0
None Remote Low Not required Partial None None
The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
21 CVE-2014-0853 79 XSS 2014-02-25 2014-02-26
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
22 CVE-2014-0850 79 XSS 2014-03-16 2014-03-17
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Reference Data Management (RDM) Hub 10.1 and 11.0 before 11.0.0.0-MDM-IF008 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
23 CVE-2014-0848 310 2014-03-26 2014-03-26
3.5
None Remote Medium Single system Partial None None
The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
24 CVE-2014-0846 79 XSS 2014-03-04 2014-03-05
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
25 CVE-2014-0845 20 2014-03-04 2014-03-05
4.9
None Remote Medium Single system Partial Partial None
Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
26 CVE-2014-0844 2014-03-04 2014-03-05
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors.
27 CVE-2014-0843 79 XSS 2014-02-25 2014-02-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.
28 CVE-2014-0842 255 +Info 2014-02-25 2014-02-26
5.0
None Remote Low Not required Partial None None
The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.
29 CVE-2014-0840 79 XSS 2014-02-25 2014-02-26
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
30 CVE-2014-0839 264 2014-02-25 2014-02-26
4.0
None Remote Low Single system None Partial None
IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference.
31 CVE-2014-0838 Exec Code 2014-01-30 2014-02-06
7.5
None Remote Low Not required Partial Partial Partial
The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server.
32 CVE-2014-0837 310 2014-01-30 2014-02-11
4.3
None Remote Medium Not required None Partial None
The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
33 CVE-2014-0836 79 XSS 2014-01-30 2014-02-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
34 CVE-2014-0835 352 CSRF 2014-01-30 2014-02-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings.
35 CVE-2014-0834 20 DoS 2014-02-04 2014-02-06
4.0
None Remote Low Single system None None Partial
IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attackers to cause a denial of service (daemon crash) via crafted arguments to a setuid program.
36 CVE-2014-0833 264 Bypass 2014-02-01 2014-02-03
5.5
None Remote Low Single system Partial Partial None
The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step.
37 CVE-2014-0832 79 XSS 2014-02-01 2014-02-03
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted text value.
38 CVE-2014-0831 352 CSRF 2014-02-01 2014-02-03
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data.
39 CVE-2014-0830 22 Dir. Trav. 2014-02-01 2014-02-03
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname.
40 CVE-2014-0829 119 Overflow 2014-03-21 2014-03-24
6.5
None Remote Low Single system Partial Partial Partial
Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors.
41 CVE-2014-0828 79 XSS 2014-04-01 2014-04-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
42 CVE-2014-0827 79 XSS 2014-04-05 2014-04-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workload Replay 1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
43 CVE-2014-0822 DoS 2014-02-06 2014-02-07
7.8
None Remote Low Not required None None Complete
The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z.
44 CVE-2013-6749 119 Exec Code Overflow 2014-01-29 2014-02-06
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different vulnerability than CVE-2013-6748.
45 CVE-2013-6748 119 Exec Code Overflow 2014-01-29 2014-02-06
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different vulnerability than CVE-2013-6749.
46 CVE-2013-6747 20 DoS 2014-01-27 2014-02-06
7.1
None Remote Medium Not required None None Complete
IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS), allows remote attackers to cause a denial of service (application crash or hang) via a malformed X.509 certificate chain.
47 CVE-2013-6746 79 XSS 2014-01-22 2014-02-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
48 CVE-2013-6745 79 XSS 2013-12-22 2014-01-03
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.
49 CVE-2013-6743 79 XSS 2014-02-14 2014-02-21
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element.
50 CVE-2013-6742 264 2014-02-14 2014-02-21
7.5
None Remote Low Not required Partial Partial Partial
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Total number of vulnerabilities : 1967   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.