Skip to main content
CVE-2013-3975 MEDIUM POC THREAT This Month

Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.8%.

IBM Information Disclosure Sametime
NVD
CVSS 2.0
5.0
EPSS
51.8%
Threat
4.1
CVE-2013-3982 MEDIUM POC THREAT This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 37.2%.

IBM Information Disclosure Sametime
NVD
CVSS 2.0
5.0
EPSS
37.2%
CVE-2013-3977 MEDIUM POC THREAT This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.1%.

IBM Authentication Bypass Sametime
NVD
CVSS 2.0
4.3
EPSS
29.1%
CVE-2014-3866 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Usercake
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3267 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Security Manager
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3015 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF Sametime Proxy Server And Web Client
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-5465 MEDIUM This Month

IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011;. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Maximo Asset Management Change And Configuration Management Database Maximo Service Desk +4
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-4016 MEDIUM This Month

SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Change And Configuration Management Database Maximo Service Desk Tivoli Asset Management For It +4
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-3275 MEDIUM This Month

SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Identity Services Engine Software
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-0849 MEDIUM This Month

IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Maximo Asset Management Smartcloud Control Desk
NVD
CVSS 2.0
6.0
EPSS
0.4%
CVE-2013-5464 MEDIUM This Month

IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Maximo Asset Management Smartcloud Control Desk
NVD
CVSS 2.0
6.0
EPSS
0.2%
CVE-2014-3272 MEDIUM This Month

The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074. Rated medium severity (CVSS 6.0). No vendor patch available.

Cisco Information Disclosure Tidal Enterprise Scheduler
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-0878 MEDIUM This Month

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Java Java Sdk
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2013-3980 MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Sametime
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-3867 MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sametime
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-3981 MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Sametime
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-6647 MEDIUM This Month

The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.9
EPSS
0.0%
CVE-2014-3274 MEDIUM This Month

Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Telepresence System Software
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3266 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Security Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0893 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Maximo Asset Management Smartcloud Control Desk
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-3333 MEDIUM This Month

CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Code Injection Smartcloud Control Desk Maximo Asset Management
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0906 MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Sametime
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3046 MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack. Rated medium severity (CVSS 4.3). No vendor patch available.

IBM Authentication Bypass Sametime
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-3276 MEDIUM This Month

Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Identity Services Engine Software
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2013-6714 MEDIUM This Month

The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local. Rated medium severity (CVSS 4.1). No vendor patch available.

IBM Denial Of Service Privilege Escalation VMware Tivoli Storage Flashcopy Manager
NVD
CVSS 2.0
4.1
EPSS
0.1%
CVE-2013-6713 MEDIUM This Month

The Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations,. Rated medium severity (CVSS 4.1). No vendor patch available.

IBM Denial Of Service Privilege Escalation VMware Tivoli Storage Manager For Virtual Environments
NVD
CVSS 2.0
4.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy