| CVE | Severity | | Score | Exploit | Vendor | Age | Description |
|---|---|---|---|---|---|---|---|
| CVE-2010-5251 | medium | — | 6.9 | | ibm | 14y ago | Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse (1) nnoteswc.dll or (2) nlsxbe.dll file in the current working directory,… |
| CVE-2010-5204 | medium | — | 6.9 | | ibm | 14y ago | Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1.3.0 20090908.0900 allow local users to gain privileges via a Trojan horse (1) eclipse_1114.dll or (2) emser645mi.dll file in the… |
| CVE-2012-3325 | medium | — | 6.0 | | ibm | 14y ago | IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly … |
| CVE-2012-3312 | medium | — | 5.0 | | ibm | 14y ago | The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obta… |
| CVE-2012-3309 | medium | — | 6.8 | | ibm | 14y ago | Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote … |
| CVE-2012-3295 | medium | — | 4.3 | | ibm | 14y ago | IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors. |
| CVE-2012-3302 | medium | — | 4.3 | | ibm | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the… |
| CVE-2012-3301 | medium | — | 4.3 | | ibm | 14y ago | Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v… |
| CVE-2012-3293 | medium | — | 4.3 | | ibm | 14y ago | Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8… |
| CVE-2012-2190 | medium | — | 5.0 | | ibm | 14y ago | IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1,… |
| CVE-2012-3296 | medium | — | 4.3 | | ibm | 14y ago | Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers… |
| CVE-2012-2168 | medium | — | 4.0 | | ibm | 14y ago | IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid paramete… |
| CVE-2012-2164 | medium | — | 5.5 | | ibm | 14y ago | The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to… |
| CVE-2012-0744 | medium | — | 6.0 | EXP | ibm | 14y ago | IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcou… |
| CVE-2012-3308 | medium | — | 4.3 | | ibm | 14y ago | Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat. |
| CVE-2012-3294 | medium | — | 7.8 | EXP | ibm | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allo… |
| CVE-2012-2191 | medium | — | 5.0 | | ibm | 14y ago | IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a … |
| CVE-2012-0723 | medium | — | 4.9 | | ibm | 14y ago | The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a c… |
| CVE-2012-2196 | medium | — | 5.0 | | ibm | 14y ago | IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored proce… |
| CVE-2012-2194 | medium | — | 5.0 | | ibm | 14y ago | Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to repla… |
| CVE-2012-2955 | medium | — | 5.3 | EXP | ibm | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security … |
| CVE-2012-2181 | medium | — | 5.0 | | ibm | 14y ago | Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL. |
| CVE-2012-2172 | medium | — | 5.3 | EXP | ibm | 14y ago | Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote atta… |
| CVE-2012-2171 | medium | — | 7.5 | EXP | ibm | 14y ago | SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to e… |
| CVE-2012-0191 | medium | — | 5.0 | | ibm | 14y ago | The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request… |
| CVE-2012-0187 | critical | — | 9.3 | | ibm | 14y ago | Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory. |
| CVE-2012-0186 | medium | — | 4.3 | | ibm | 14y ago | Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a cr… |
| CVE-2012-2192 | medium | — | 4.9 | | ibm | 14y ago | The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence … |
| CVE-2012-2180 | medium | — | 4.3 | | ibm | 14y ago | The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL po… |
| CVE-2012-2175 | critical | — | 10.0 | EXP | ibm | 14y ago | Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argum… |
| CVE-2012-2174 | critical | — | 10.0 | EXP | ibm | 14y ago | The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL. |
| CVE-2012-2173 | medium | — | 5.0 | | ibm | 14y ago | The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain … |
| CVE-2012-2170 | medium | — | 4.3 | | ibm | 14y ago | The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request informati… |
| CVE-2012-2161 | medium | — | 4.3 | | ibm | 14y ago | Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Li… |
| CVE-2012-2159 | medium | — | 5.8 | | ibm | 14y ago | Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remot… |
| CVE-2012-0720 | medium | — | 4.3 | | ibm | 14y ago | Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject ar… |
| CVE-2012-0716 | medium | — | 4.3 | | ibm | 14y ago | Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspe… |
| CVE-2012-2176 | critical | — | 10.0 | EXP | ibm | 14y ago | Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argum… |
| CVE-2012-0202 | critical | — | 10.0 | EXP | ibm | 14y ago | Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or poss… |
| CVE-2012-0736 | critical | — | 9.3 | | ibm | 14y ago | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site. |
| CVE-2012-0733 | medium | — | 6.0 | | ibm | 14y ago | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a sessio… |
| CVE-2012-0732 | medium | — | 5.8 | | ibm | 14y ago | The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv… |
| CVE-2012-0731 | medium | — | 6.8 | | ibm | 14y ago | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors. |
| CVE-2012-0730 | medium | — | 6.0 | | ibm | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requ… |
| CVE-2012-0729 | medium | — | 6.0 | | ibm | 14y ago | Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and… |
| CVE-2012-2162 | medium | — | 6.8 | | ibm | 14y ago | The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to … |
| CVE-2012-0743 | medium | — | 5.0 | | ibm | 14y ago | IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. |
| CVE-2012-0740 | medium | — | 4.3 | | ibm | 14y ago | Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script … |
| CVE-2012-0726 | medium | — | 6.4 | | ibm | 14y ago | The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communic… |
| CVE-2012-0708 | critical | — | 10.0 | EXP | ibm | 14y ago | Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attac… |
| CVE-2012-1837 | medium | — | 5.0 | | ibm | 14y ago | The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which… |
| CVE-2012-0719 | medium | — | 4.3 | | ibm | 14y ago | Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to th… |
| CVE-2012-1797 | critical | — | 10.0 | | ibm | 14y ago | IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. |
| CVE-2012-0712 | medium | — | 4.0 | | ibm | 14y ago | The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a … |
| CVE-2012-0710 | medium | — | 5.0 | | ibm | 14y ago | IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architect… |
| CVE-2012-0709 | medium | — | 4.0 | | ibm | 14y ago | IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by levera… |
| CVE-2012-0195 | medium | — | 4.3 | | ibm | 14y ago | Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Mana… |
| CVE-2011-4819 | medium | — | 4.3 | | ibm | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via … |
| CVE-2011-4818 | medium | — | 4.3 | | ibm | 14y ago | Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phi… |
| CVE-2011-4817 | medium | — | 4.0 | | ibm | 14y ago | The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Ma… |
| CVE-2011-4816 | medium | — | 6.5 | | ibm | 14y ago | SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Ser… |
| CVE-2011-1397 | medium | — | 6.8 | | ibm | 14y ago | Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7… |
| CVE-2011-1396 | medium | — | 4.3 | | ibm | 14y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the report… |
| CVE-2011-1395 | medium | — | 4.3 | | ibm | 14y ago | Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML … |
| CVE-2011-1394 | medium | — | 5.0 | | ibm | 14y ago | IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service… |
| CVE-2012-0198 | critical | — | 10.0 | EXP | ibm | 15y ago | Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to … |
| CVE-2012-0715 | medium | — | 4.3 | | ibm | 15y ago | Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to injec… |
| CVE-2012-0201 | critical | — | 10.0 | EXP | ibm | 15y ago | Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long prof… |
| CVE-2012-0707 | medium | — | 4.3 | | ibm | 15y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with… |
| CVE-2012-0200 | medium | — | 5.0 | EXP | ibm | 15y ago | The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT state… |
| CVE-2011-4890 | medium | — | 4.0 | | ibm | 15y ago | The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a su… |
| CVE-2012-1046 | medium | — | 4.3 | | ibm | 15y ago | Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than … |
| CVE-2012-0192 | critical | — | 9.3 | | ibm | 15y ago | Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PN… |
| CVE-2012-0193 | medium | — | 5.0 | | ibm | 15y ago | IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability … |
| CVE-2011-1389 | critical | — | 10.0 | | ibm | 15y ago | Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Se… |
| CVE-2011-1376 | medium | — | 4.6 | | ibm | 15y ago | iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/… |
| CVE-2012-0190 | critical | — | 9.3 | | ibm | 15y ago | Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers … |
| CVE-2012-0189 | critical | — | 9.3 | | ibm | 15y ago | Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary… |
| CVE-2012-0188 | critical | — | 9.3 | | ibm | 15y ago | Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execu… |
| CVE-2011-5065 | medium | — | 4.3 | | ibm | 15y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messag… |
| CVE-2011-1377 | critical | — | 10.0 | | ibm | 15y ago | The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS a… |
| CVE-2011-1362 | medium | — | 4.3 | | ibm | 15y ago | Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before … |
| CVE-2012-0696 | medium | — | 4.3 | | ibm | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified request… |
| CVE-2011-1386 | medium | — | 4.3 | | ibm | 15y ago | IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.… |
| CVE-2011-1384 | medium | — | 4.0 | | ibm | 15y ago | The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigge… |
| CVE-2011-5048 | medium | — | 4.3 | | ibm | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or … |
| CVE-2011-1392 | critical | — | 9.3 | | bbsoftware, ibm | 15y ago | The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) S… |
| CVE-2011-1391 | critical | — | 9.3 | | bbsoftware, ibm | 15y ago | The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the Inser… |
| CVE-2011-1388 | critical | — | 9.3 | | bbsoftware, ibm | 15y ago | The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestC… |
| CVE-2011-4708 | medium | — | 4.3 | | ibm | 15y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager before 7.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-1372 | medium | — | 6.8 | | ibm | 15y ago | The Web User Interface on the IBM TS3100 and TS3200 tape libraries with firmware before A.60 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. |
| CVE-2011-4465 | medium | — | 4.3 | | ibm | 15y ago | Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL. |
| CVE-2011-4435 | medium | — | 5.0 | | ibm | 15y ago | The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers … |
| CVE-2009-0900 | medium | — | 4.1 | | ibm | 15y ago | Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition… |
| CVE-2011-1367 | critical | — | 9.3 | | ibm | 15y ago | Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a craf… |
| CVE-2009-2748 | medium | — | 4.3 | | ibm | 15y ago | Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary… |
| CVE-2009-2747 | medium | — | 5.0 | | ibm | 15y ago | The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict acc… |
| CVE-2011-1370 | medium | — | 5.0 | | ibm | 15y ago | The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attacker… |
| CVE-2011-1368 | medium | — | 5.0 | | ibm | 15y ago | The JavaServer Faces (JSF) application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files … |
| CVE-2010-0780 | medium | — | 4.3 | | ibm | 15y ago | IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager. |