Skip to main content
CVE-2013-0499 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM XSS Websphere Datapower Xc10 Appliance Firmware Websphere Datapower Xc10 Appliance Websphere Datapower Service Gateway Xg45 Virtual Edition Firmware +11
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2989 MEDIUM This Month

The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Sterling Connect
NVD
CVSS 2.0
6.8
EPSS
0.0%
CVE-2013-0599 MEDIUM This Month

IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Rational Directory Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-0576 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Tivoli Enterprise Portal browser client in IBM Tivoli Monitoring 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP02. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Tivoli Monitoring
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy