Skip to main content
CVE-2014-3081 MEDIUM POC THREAT This Month

prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.8%.

IBM PHP Information Disclosure Global Console Manager 16 Firmware Global Console Manager 32 Firmware
NVD Exploit-DB
CVSS 2.0
6.3
EPSS
10.8%
CVE-2014-3080 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM XSS PHP Global Console Manager 16 Firmware Global Console Manager 32 Firmware
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.4%
CVE-2014-0969 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM CSRF Infosphere Master Data Management Infosphere Master Data Management Server For Product Information Management
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-0966 MEDIUM This Month

SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Infosphere Master Data Management Infosphere Master Data Management Server For Product Information Management
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-4775 MEDIUM PATCH This Month

IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Infosphere Master Data Management Infosphere Master Data Management Server For Product Information Management
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3900 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Piwigo
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3905 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in tenfourzero Shutter 0.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Shutter
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3087 MEDIUM PATCH This Month

callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM XXE Information Disclosure Business Process Manager Websphere Application Server
NVD
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy