CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities Published In 2013

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-6745 79 XSS 2013-12-22 2014-01-03
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.
2 CVE-2013-6735 264 +Info 2013-12-22 2014-01-03
5.0
None Remote Low Not required Partial None None
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.
3 CVE-2013-6733 79 XSS 2013-12-17 2013-12-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4 CVE-2013-6723 264 +Info 2013-12-22 2014-01-03
5.0
None Remote Low Not required Partial None None
IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors.
5 CVE-2013-6721 79 XSS 2013-12-17 2014-01-03
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets.
6 CVE-2013-6718 310 2013-11-30 2013-12-13
6.4
None Remote Low Not required Partial Partial None
The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface.
7 CVE-2013-6717 DoS 2013-12-19 2014-02-06
4.0
None Remote Low Single system None None Partial
The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors.
8 CVE-2013-6329 310 DoS 2013-12-17 2014-01-23
7.8
None Remote Low Not required None None Complete
IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSLv2 session.
9 CVE-2013-6328 79 XSS 2013-12-22 2014-01-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.
10 CVE-2013-6327 79 XSS 2013-12-17 2013-12-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross-frame scripting" issue.
11 CVE-2013-6322 79 XSS 2013-11-27 2014-03-04
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
12 CVE-2013-6316 264 +Info 2013-12-22 2014-01-07
4.3
None Remote Medium Not required Partial None None
IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor.
13 CVE-2013-6312 2013-11-22 2014-03-05
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in IBM Rational Service Tester 8.3.x and 8.5.x before 8.5.1 and Rational Performance Tester 8.3.x and 8.5.x before 8.5.1 allows remote attackers to read arbitrary files via unknown vectors.
14 CVE-2013-6307 79 XSS 2013-11-29 2014-03-04
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
15 CVE-2013-5466 DoS 2013-12-18 2013-12-19
4.0
None Remote Low Single system None None Partial
The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors.
16 CVE-2013-5463 264 Bypass 2013-11-29 2014-03-05
4.3
None Remote Medium Not required None Partial None
The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file.
17 CVE-2013-5462 20 2013-12-19 2013-12-20
4.3
None Remote Medium Not required None Partial None
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements.
18 CVE-2013-5458 Exec Code 2013-11-24 2014-01-27
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors.
19 CVE-2013-5457 Exec Code 2013-11-24 2014-01-27
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors.
20 CVE-2013-5456 Exec Code 2013-11-24 2014-01-27
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors.
21 CVE-2013-5455 264 2013-12-07 2013-12-09
4.9
None Remote Medium Single system None Partial Partial
IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems[#].delete command.
22 CVE-2013-5454 200 +Info 2013-11-17 2013-11-21
4.3
None Remote Medium Not required Partial None None
IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL.
23 CVE-2013-5453 200 +Info 2013-11-13 2013-11-14
3.5
None Remote Medium Single system Partial None None
IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted.
24 CVE-2013-5452 200 +Info 2013-12-19 2013-12-20
3.5
None Remote Medium Single system Partial None None
IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
25 CVE-2013-5450 255 +Info 2013-11-13 2013-11-14
4.0
None Remote High Not required Partial Partial None
IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly protected URL to obtain a session token.
26 CVE-2013-5449 79 XSS 2013-12-04 2014-03-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
27 CVE-2013-5448 79 XSS 2013-11-29 2014-03-04
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Right Click Plugin context menus in IBM Security QRadar SIEM 7.1 and 7.2 before 7.2 MR1 Patch 1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
28 CVE-2013-5447 119 1 Exec Code Overflow 2013-12-10 2014-01-13
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.
29 CVE-2013-5446 2013-10-22 2013-10-22
10.0
None Remote Low Not required Complete Complete Complete
The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors.
30 CVE-2013-5442 79 XSS 2013-11-13 2013-11-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
31 CVE-2013-5440 200 +Info 2013-12-18 2013-12-19
2.1
None Local Low Not required Partial None None
IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation.
32 CVE-2013-5438 79 XSS 2013-12-14 2013-12-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
33 CVE-2013-5431 20 2013-10-31 2013-11-30
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
34 CVE-2013-5430 255 +Info 2013-10-27 2013-10-28
5.5
None Remote Low Single system Partial Partial None
The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access to this component by leveraging this credential information in an environment with applicable component installation details.
35 CVE-2013-5428 264 DoS 2013-10-22 2013-10-22
7.1
None Remote Medium Not required None None Complete
IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors.
36 CVE-2013-5426 287 2013-12-19 2013-12-20
4.9
None Local Network Medium Single system Partial Partial Partial
Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors.
37 CVE-2013-5425 79 XSS 2013-11-17 2013-11-19
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
38 CVE-2013-5424 264 Bypass 2013-10-25 2013-10-28
6.8
None Remote Medium Not required Partial Partial Partial
IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account.
39 CVE-2013-5422 200 +Info 2013-12-19 2013-12-20
4.3
None Remote Medium Not required Partial None None
The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors.
40 CVE-2013-5421 79 XSS 2013-12-22 2013-12-26
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.
41 CVE-2013-5420 264 2013-12-23 2013-12-24
3.5
None Remote Medium Single system Partial None None
The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request.
42 CVE-2013-5419 119 Overflow +Priv 2013-10-04 2013-12-05
6.9
None Local Medium Not required Complete Complete Complete
Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.
43 CVE-2013-5418 79 XSS 2013-11-18 2013-11-19
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
44 CVE-2013-5417 79 XSS 2013-11-18 2013-11-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via HTTP response data.
45 CVE-2013-5416 +Priv 2013-12-18 2013-12-18
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors.
46 CVE-2013-5415 119 Overflow +Priv 2013-12-18 2013-12-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors.
47 CVE-2013-5414 264 +Priv 2013-11-18 2013-11-19
3.5
None Remote Medium Single system None Partial None
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation.
48 CVE-2013-5413 287 Bypass 2013-12-21 2013-12-23
4.3
None Remote Medium Not required None Partial None
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation.
49 CVE-2013-5411 20 2013-12-21 2013-12-23
4.3
None Remote Medium Not required None Partial None
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors.
50 CVE-2013-5409 89 Exec Code Sql 2013-12-21 2013-12-23
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Total number of vulnerabilities : 390   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.