Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 184.108.40.206 iFix8, 6.0.4 before 220.127.116.11 iFix...
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 18.104.22.168, and 6.0.5 before 22.214.171.124 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...
Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 126.96.36.199 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response.
The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 188.8.131.52 CF27, 6.1.5 through 184.108.40.206 CF27, 7.0.0 through 220.127.116.11 CF29, 8.0.0 before 18.104.22.168 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests.