| CVE-2012-0738 |
medium |
— |
5.8 |
|
|
ibm |
14y ago |
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL serv… |
| CVE-2012-5954 |
medium |
— |
6.4 |
|
|
ibm |
14y ago |
Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows remote attackers to read or modify HSM-managed file system ob… |
| CVE-2012-5765 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a… |
| CVE-2012-4839 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element. |
| CVE-2012-4848 |
low |
— |
3.5 |
|
|
ibm |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-att… |
| CVE-2012-4846 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensiti… |
| CVE-2012-3329 |
low |
— |
3.3 |
|
linux-kernel |
ibm |
14y ago |
IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via… |
| CVE-2012-3297 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows rem… |
| CVE-2012-4862 |
low |
— |
2.1 |
|
|
ibm |
14y ago |
The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via u… |
| CVE-2012-3317 |
medium |
— |
6.9 |
|
|
ibm |
14y ago |
IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow loc… |
| CVE-2012-4834 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files… |
| CVE-2012-4841 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote attackers to cause a denial of service (resource consumption) via unk… |
| CVE-2012-4853 |
medium |
— |
6.8 |
|
|
ibm |
14y ago |
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hij… |
| CVE-2012-4851 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. |
| CVE-2012-4847 |
medium |
— |
4.0 |
|
|
ibm |
14y ago |
IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted request containing a zero-valued byte. |
| CVE-2012-3330 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of se… |
| CVE-2012-3315 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require a… |
| CVE-2012-4845 |
medium |
— |
6.8 |
|
|
ibm |
14y ago |
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by le… |
| CVE-2012-5309 |
medium |
— |
6.8 |
|
|
ibm |
14y ago |
servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via … |
| CVE-2012-5308 |
medium |
— |
6.8 |
|
|
ibm |
14y ago |
Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users f… |
| CVE-2012-5307 |
low |
— |
2.6 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or … |
| CVE-2012-4825 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via … |
| CVE-2012-4824 |
medium |
— |
5.8 |
|
|
ibm |
14y ago |
Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing at… |
| CVE-2012-3314 |
medium |
— |
5.8 |
|
|
ibm |
14y ago |
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted … |
| CVE-2012-4833 |
low |
— |
2.1 |
|
|
ibm |
14y ago |
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line. |
| CVE-2012-4830 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain users' personal data via unknown vectors. |
| CVE-2012-3319 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer p… |
| CVE-2012-0748 |
medium |
— |
6.8 |
|
|
ibm |
14y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4.x before 4.0.0.1 allow remote attackers to hijack the authentication of arbitra… |
| CVE-2012-3311 |
low |
— |
3.3 |
|
|
ibm |
14y ago |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIO… |
| CVE-2012-3306 |
medium |
— |
6.8 |
|
|
ibm |
14y ago |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from… |
| CVE-2012-3305 |
medium |
— |
6.4 |
|
|
ibm |
14y ago |
Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite a… |
| CVE-2012-3304 |
medium |
— |
6.8 |
|
|
ibm |
14y ago |
The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions vi… |
| CVE-2012-3300 |
low |
— |
2.6 |
|
|
ibm |
14y ago |
IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified ve… |
| CVE-2012-2199 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid add… |
| CVE-2012-2187 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mec… |
| CVE-2012-4817 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via … |
| CVE-2012-3326 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, a… |
| CVE-2012-3313 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Ser… |
| CVE-2012-2185 |
medium |
— |
4.0 |
|
|
ibm |
14y ago |
IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Mana… |
| CVE-2012-2184 |
medium |
— |
6.8 |
|
|
ibm |
14y ago |
Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk,… |
| CVE-2012-2183 |
medium |
— |
6.8 |
|
|
ibm |
14y ago |
Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk,… |
| CVE-2012-0747 |
medium |
— |
6.5 |
|
|
ibm |
14y ago |
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, an… |
| CVE-2012-0746 |
low |
— |
3.5 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, a… |
| CVE-2012-0728 |
medium |
— |
6.5 |
|
|
ibm |
14y ago |
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, an… |
| CVE-2012-0727 |
medium |
— |
6.5 |
|
|
ibm |
14y ago |
SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and… |
| CVE-2012-0714 |
medium |
— |
6.8 |
|
|
ibm |
14y ago |
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Max… |
| CVE-2010-5251 |
medium |
— |
6.9 |
|
|
ibm |
14y ago |
Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse (1) nnoteswc.dll or (2) nlsxbe.dll file in the current working directory,… |
| CVE-2010-5204 |
medium |
— |
6.9 |
|
|
ibm |
14y ago |
Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1.3.0 20090908.0900 allow local users to gain privileges via a Trojan horse (1) eclipse_1114.dll or (2) emser645mi.dll file in the… |
| CVE-2012-3325 |
medium |
— |
6.0 |
|
|
ibm |
14y ago |
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly … |
| CVE-2012-3312 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obta… |
| CVE-2012-3309 |
medium |
— |
6.8 |
|
|
ibm |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote … |
| CVE-2012-3295 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors. |
| CVE-2012-0713 |
low |
— |
3.5 |
|
linux-kernel |
ibm |
14y ago |
Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors. |
| CVE-2012-3302 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the… |
| CVE-2012-3301 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v… |
| CVE-2012-3293 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8… |
| CVE-2012-2190 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1,… |
| CVE-2012-3296 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers… |
| CVE-2012-2205 |
low |
— |
3.5 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspac… |
| CVE-2012-2169 |
low |
— |
3.5 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web s… |
| CVE-2012-2168 |
medium |
— |
4.0 |
|
|
ibm |
14y ago |
IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid paramete… |
| CVE-2012-2165 |
low |
— |
3.5 |
|
|
ibm |
14y ago |
IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query. |
| CVE-2012-2164 |
medium |
— |
5.5 |
|
|
ibm |
14y ago |
The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to… |
| CVE-2012-0744 |
medium |
— |
6.0 |
EXP |
|
ibm |
14y ago |
IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcou… |
| CVE-2012-3308 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat. |
| CVE-2012-3294 |
medium |
— |
7.8 |
EXP |
|
ibm |
14y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allo… |
| CVE-2012-2206 |
low |
— |
4.5 |
EXP |
|
ibm |
14y ago |
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as … |
| CVE-2012-2191 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a … |
| CVE-2012-0723 |
medium |
— |
4.9 |
|
|
ibm |
14y ago |
The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a c… |
| CVE-2012-2202 |
low |
— |
4.5 |
EXP |
|
ibm |
14y ago |
Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticat… |
| CVE-2012-2196 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored proce… |
| CVE-2012-2194 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to repla… |
| CVE-2012-2955 |
medium |
— |
5.3 |
EXP |
|
ibm |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security … |
| CVE-2012-2181 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL. |
| CVE-2012-2172 |
medium |
— |
5.3 |
EXP |
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote atta… |
| CVE-2012-2171 |
medium |
— |
7.5 |
EXP |
|
ibm |
14y ago |
SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to e… |
| CVE-2012-0191 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request… |
| CVE-2012-0186 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a cr… |
| CVE-2012-2192 |
medium |
— |
4.9 |
|
|
ibm |
14y ago |
The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence … |
| CVE-2012-2180 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL po… |
| CVE-2012-2173 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain … |
| CVE-2012-2170 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request informati… |
| CVE-2012-2161 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Li… |
| CVE-2012-2159 |
medium |
— |
5.8 |
|
|
ibm |
14y ago |
Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remot… |
| CVE-2012-0720 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject ar… |
| CVE-2012-0717 |
low |
— |
2.6 |
|
|
ibm |
14y ago |
IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication … |
| CVE-2012-0716 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspe… |
| CVE-2012-0737 |
low |
— |
3.5 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-0733 |
medium |
— |
6.0 |
|
|
ibm |
14y ago |
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a sessio… |
| CVE-2012-0732 |
medium |
— |
5.8 |
|
|
ibm |
14y ago |
The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv… |
| CVE-2012-0731 |
medium |
— |
6.8 |
|
|
ibm |
14y ago |
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors. |
| CVE-2012-0730 |
medium |
— |
6.0 |
|
|
ibm |
14y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requ… |
| CVE-2012-0729 |
medium |
— |
6.0 |
|
|
ibm |
14y ago |
Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and… |
| CVE-2012-2162 |
medium |
— |
6.8 |
|
|
ibm |
14y ago |
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to … |
| CVE-2012-0743 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. |
| CVE-2012-0740 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script … |
| CVE-2012-0726 |
medium |
— |
6.4 |
|
|
ibm |
14y ago |
The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communic… |
| CVE-2012-0742 |
low |
— |
1.9 |
|
|
ibm |
14y ago |
IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitiv… |
| CVE-2012-1837 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which… |
| CVE-2012-0719 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to th… |
