CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities Published In 2013 (Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-5463 264 Bypass 2013-11-29 2014-03-05
4.3
None Remote Medium Not required None Partial None
The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file.
2 CVE-2013-5424 264 Bypass 2013-10-25 2013-10-28
6.8
None Remote Medium Not required Partial Partial Partial
IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account.
3 CVE-2013-5413 287 Bypass 2013-12-21 2013-12-23
4.3
None Remote Medium Not required None Partial None
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation.
4 CVE-2013-5407 20 Bypass +Info 2013-12-21 2013-12-23
4.9
None Remote Medium Single system Partial Partial None
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue.
5 CVE-2013-5398 Bypass +Info 2013-12-18 2013-12-18
3.3
None Local Network Low Not required Partial None None
Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5397.
6 CVE-2013-5397 Bypass +Info 2013-12-18 2013-12-18
3.3
None Local Network Low Not required Partial None None
Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5398.
7 CVE-2013-5395 Bypass 2013-10-01 2013-10-10
7.5
None Remote Low Not required Partial Partial Partial
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors.
8 CVE-2013-4825 Bypass 2013-10-13 2013-10-15
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown vectors, aka ZDI-CAN-1645.
9 CVE-2013-4824 287 Bypass 2013-10-13 2013-10-15
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644.
10 CVE-2013-4039 200 Bypass +Info 2013-08-28 2013-09-11
4.0
None Remote Low Single system Partial None None
IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors.
11 CVE-2013-4027 264 Bypass 2013-10-01 2013-10-10
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
12 CVE-2013-4022 255 Bypass 2013-09-25 2013-10-15
3.5
None Remote Medium Single system Partial None None
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypass intended access restrictions via unknown vectors.
13 CVE-2013-4020 Bypass 2013-10-01 2013-10-10
4.0
None Remote Low Single system Partial None None
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
14 CVE-2013-3971 264 Bypass 2013-10-01 2013-10-10
4.0
None Remote Low Single system Partial None None
IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3049.
15 CVE-2013-3049 Bypass 2013-10-01 2013-10-10
4.0
None Remote Low Single system Partial None None
IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3971.
16 CVE-2013-3005 264 Bypass 2013-07-06 2013-12-05
8.5
None Remote Medium Single system Complete Complete Complete
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.
17 CVE-2013-2989 264 Bypass 2013-05-28 2013-05-29
6.8
None Local Low Single system Complete Complete Complete
The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product.
18 CVE-2013-2961 20 Bypass 2013-06-21 2013-06-24
4.3
None Remote Medium Not required None Partial None
The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to perform unspecified redirection of HTTP requests, and bypass the proxy-server configuration, via crafted HTTP traffic.
19 CVE-2013-0600 Bypass 2013-05-09 2013-05-09
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors.
20 CVE-2013-0577 264 Bypass 2013-10-10 2013-10-10
5.2
None Local Network Low Single system Partial Partial Partial
The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to bypass intended access restrictions and create, modify, or delete documents or scripts via unspecified vectors.
21 CVE-2013-0543 264 Bypass 2013-04-24 2013-04-24
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
22 CVE-2013-0540 287 Bypass 2013-04-24 2013-04-24
3.5
None Remote Medium Single system None Partial None
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.
23 CVE-2013-0479 264 Bypass 2013-07-03 2013-10-11
4.0
None Remote Low Single system None Partial None
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not properly restrict file types and extensions, which allows remote authenticated users to bypass intended access restrictions via a crafted filename.
24 CVE-2013-0127 264 Exec Code Bypass 2013-05-01 2013-05-01
5.8
None Remote Medium Not required Partial Partial None
IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and JMOY95BN49.
25 CVE-2012-6357 264 +Priv Bypass 2013-02-20 2013-02-20
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.
26 CVE-2012-6354 287 Bypass 2013-02-19 2013-02-20
7.5
None Remote Low Not required Partial Partial Partial
The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets.
27 CVE-2012-5938 264 Bypass 2013-03-20 2013-03-21
7.2
None Local Low Not required Complete Complete Complete
The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations.
28 CVE-2012-3321 264 Bypass 2013-02-20 2013-02-20
6.5
None Remote Low Single system Partial Partial Partial
IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password.
29 CVE-2012-0700 255 Bypass 2013-01-31 2013-01-31
1.9
None Local Medium Not required None Partial None
The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors.
30 CVE-2012-0205 264 DoS Bypass 2013-01-31 2013-01-31
6.5
None Remote Low Single system Partial Partial Partial
InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors.
Total number of vulnerabilities : 30   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.