Skip to main content
CVE-2013-3975 MEDIUM POC THREAT This Month

Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.8%.

IBM Information Disclosure Sametime
NVD
CVSS 2.0
5.0
EPSS
51.8%
Threat
4.1
CVE-2013-3982 MEDIUM POC THREAT This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 37.2%.

IBM Information Disclosure Sametime
NVD
CVSS 2.0
5.0
EPSS
37.2%
CVE-2013-3977 MEDIUM POC THREAT This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.1%.

IBM Authentication Bypass Sametime
NVD
CVSS 2.0
4.3
EPSS
29.1%
CVE-2014-3866 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Usercake
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-2196 CRITICAL Act Now

Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Cisco Code Injection Microsoft Wide Area Application Services
NVD
CVSS 2.0
9.3
EPSS
3.0%
CVE-2014-2504 CRITICAL Act Now

EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum D2
NVD
CVSS 2.0
9.0
EPSS
0.3%
CVE-2014-2607 HIGH This Week

Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13 and 9.2 through 9.24 allows remote authenticated users to execute arbitrary code by leveraging the OMi operator role. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

HP RCE Operations Manager I
NVD
CVSS 2.0
8.5
EPSS
0.5%
CVE-2014-2201 HIGH This Week

The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os Nexus 7000 Nexus 7000 10 Slot +4
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2014-3261 HIGH This Week

Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices,. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Buffer Overflow RCE Unified Computing System 6120Xp Fabric Interconnect Unified Computing System 6140Xp Fabric Interconnect +25
NVD
CVSS 2.0
7.6
EPSS
0.8%
CVE-2013-1191 HIGH This Week

Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Privilege Escalation Nx Os Nexus 7000 Nexus 7000 10 Slot +2
NVD
CVSS 2.0
7.1
EPSS
0.9%
CVE-2014-2200 HIGH This Week

Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Privilege Escalation Nx Os
NVD
CVSS 2.0
7.1
EPSS
0.7%
CVE-2014-3267 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Security Manager
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3015 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF Sametime Proxy Server And Web Client
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-5465 MEDIUM This Month

IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011;. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Maximo Asset Management Change And Configuration Management Database Maximo Service Desk +4
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-4016 MEDIUM This Month

SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Change And Configuration Management Database Maximo Service Desk Tivoli Asset Management For It +4
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-3275 MEDIUM This Month

SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Identity Services Engine Software
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-0849 MEDIUM This Month

IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Maximo Asset Management Smartcloud Control Desk
NVD
CVSS 2.0
6.0
EPSS
0.4%
CVE-2013-5464 MEDIUM This Month

IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Maximo Asset Management Smartcloud Control Desk
NVD
CVSS 2.0
6.0
EPSS
0.2%
CVE-2014-3272 MEDIUM This Month

The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074. Rated medium severity (CVSS 6.0). No vendor patch available.

Cisco Information Disclosure Tidal Enterprise Scheduler
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-0878 MEDIUM This Month

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Java Java Sdk
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2013-3980 MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Sametime
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-3867 MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sametime
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-3981 MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Sametime
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-6647 MEDIUM This Month

The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.9
EPSS
0.0%
CVE-2014-3274 MEDIUM This Month

Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Telepresence System Software
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3266 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Security Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0893 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Maximo Asset Management Smartcloud Control Desk
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-3333 MEDIUM This Month

CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Code Injection Smartcloud Control Desk Maximo Asset Management
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0906 MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Sametime
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3046 MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack. Rated medium severity (CVSS 4.3). No vendor patch available.

IBM Authentication Bypass Sametime
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-3276 MEDIUM This Month

Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Identity Services Engine Software
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2013-6714 MEDIUM This Month

The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local. Rated medium severity (CVSS 4.1). No vendor patch available.

IBM Denial Of Service Privilege Escalation VMware Tivoli Storage Flashcopy Manager
NVD
CVSS 2.0
4.1
EPSS
0.1%
CVE-2013-6713 MEDIUM This Month

The Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations,. Rated medium severity (CVSS 4.1). No vendor patch available.

IBM Denial Of Service Privilege Escalation VMware Tivoli Storage Manager For Virtual Environments
NVD
CVSS 2.0
4.1
EPSS
0.1%
CVE-2014-0825 LOW Monitor

Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Change And Configuration Management Database Maximo Service Desk Tivoli It Asset Management For It +3
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3014 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sametime
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-6741 LOW Monitor

IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Maximo Asset Management Change And Configuration Management Database Maximo Service Desk +4
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2998 LOW Monitor

frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Smartcloud Control Desk Maximo Asset Management
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-0824 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Change And Configuration Management Database Maximo Service Desk Tivoli It Asset Management For It +2
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5460 LOW Monitor

IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Maximo Asset Management Smartcloud Control Desk
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-3984 LOW Monitor

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers. Rated low severity (CVSS 2.9). No vendor patch available.

IBM Information Disclosure Sametime
NVD
CVSS 2.0
2.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy