| CVE-2012-0740 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script … |
| CVE-2012-0726 |
medium |
— |
6.4 |
|
|
ibm |
14y ago |
The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communic… |
| CVE-2012-1844 |
high |
— |
7.5 |
|
|
quantum, dell, ibm |
14y ago |
The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape li… |
| CVE-2012-1837 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which… |
| CVE-2012-0719 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to th… |
| CVE-2012-1796 |
high |
— |
7.2 |
|
linux-kernel |
ibm |
14y ago |
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors. |
| CVE-2012-0712 |
medium |
— |
4.0 |
|
|
ibm |
14y ago |
The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a … |
| CVE-2012-0711 |
high |
— |
7.5 |
|
linux-kernel |
ibm |
14y ago |
Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to … |
| CVE-2012-0710 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architect… |
| CVE-2012-0709 |
medium |
— |
4.0 |
|
|
ibm |
14y ago |
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by levera… |
| CVE-2012-0195 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Mana… |
| CVE-2011-4819 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via … |
| CVE-2011-4818 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phi… |
| CVE-2011-4817 |
medium |
— |
4.0 |
|
|
ibm |
14y ago |
The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Ma… |
| CVE-2011-4816 |
medium |
— |
6.5 |
|
|
ibm |
14y ago |
SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Ser… |
| CVE-2011-1397 |
medium |
— |
6.8 |
|
|
ibm |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7… |
| CVE-2011-1396 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the report… |
| CVE-2011-1395 |
medium |
— |
4.3 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML … |
| CVE-2011-1394 |
medium |
— |
5.0 |
|
|
ibm |
14y ago |
IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service… |
| CVE-2012-0199 |
high |
— |
7.5 |
|
|
ibm |
15y ago |
Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to th… |
| CVE-2011-1385 |
high |
— |
7.8 |
|
|
ibm |
15y ago |
IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a diffe… |
| CVE-2012-0715 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to injec… |
| CVE-2012-0707 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with… |
| CVE-2012-0200 |
medium |
— |
5.0 |
EXP |
|
ibm |
15y ago |
The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT state… |
| CVE-2011-4890 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a su… |
| CVE-2012-1046 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than … |
| CVE-2012-0193 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability … |
| CVE-2011-1376 |
medium |
— |
4.6 |
|
|
ibm |
15y ago |
iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/… |
| CVE-2011-5065 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messag… |
| CVE-2011-1362 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before … |
| CVE-2012-0696 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified request… |
| CVE-2011-1386 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.… |
| CVE-2011-1384 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigge… |
| CVE-2011-5048 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or … |
| CVE-2011-1393 |
high |
— |
7.8 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted … |
| CVE-2011-4708 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager before 7.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-4668 |
high |
— |
7.5 |
|
|
ibm |
15y ago |
IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server. |
| CVE-2011-1372 |
medium |
— |
6.8 |
|
|
ibm |
15y ago |
The Web User Interface on the IBM TS3100 and TS3200 tape libraries with firmware before A.60 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. |
| CVE-2011-4465 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL. |
| CVE-2011-4435 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers … |
| CVE-2009-0900 |
medium |
— |
4.1 |
|
|
ibm |
15y ago |
Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition… |
| CVE-2011-1366 |
high |
— |
8.8 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary … |
| CVE-2009-2748 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary… |
| CVE-2009-2747 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict acc… |
| CVE-2011-1370 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attacker… |
| CVE-2011-1368 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
The JavaServer Faces (JSF) application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files … |
| CVE-2010-0780 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager. |
| CVE-2011-1371 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an U… |
| CVE-2011-1360 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web s… |
| CVE-2011-4171 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the project parameter to … |
| CVE-2011-4061 |
medium |
— |
6.9 |
|
|
ibm |
15y ago |
Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain… |
| CVE-2011-3576 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to … |
| CVE-2011-3391 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to re… |
| CVE-2011-3390 |
medium |
— |
5.3 |
EXP |
|
ibm |
15y ago |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in IBM OpenAdmin Tool (OAT) before 2.72 for Informix allow remote attackers to inject arbitrary web script or HTML via the (1) informi… |
| CVE-2011-1359 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to r… |
| CVE-2011-3387 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a clas… |
| CVE-2011-3140 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same pa… |
| CVE-2011-3138 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 re… |
| CVE-2009-5083 |
medium |
— |
6.8 |
|
|
ibm |
15y ago |
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID relying party, does not perform the expected login rejection upon receiving an OP-Identifier from an Op… |
| CVE-2008-7299 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Iss… |
| CVE-2011-1357 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows… |
| CVE-2011-3124 |
high |
— |
7.2 |
|
linux-kernel |
ibm |
15y ago |
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which al… |
| CVE-2011-3123 |
high |
— |
7.2 |
|
linux-kernel |
ibm |
15y ago |
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows … |
| CVE-2011-2893 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .xls spreadsheet with an invalid Value refe… |
| CVE-2011-2888 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application hang) via complex graphics in a presentation. |
| CVE-2011-2887 |
medium |
— |
4.3 |
|
linux-kernel |
ibm |
15y ago |
IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document. |
| CVE-2011-2886 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via a .docx document with empty bullet styles for parent bullets. |
| CVE-2011-2885 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc document that incorporates a user-defined toolbar. |
| CVE-2011-1355 |
medium |
— |
5.8 |
|
|
ibm |
15y ago |
Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing… |
| CVE-2010-3271 |
medium |
— |
7.8 |
EXP |
|
ibm |
15y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote… |
| CVE-2011-2759 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication field… |
| CVE-2011-2758 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remo… |
| CVE-2011-2754 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, al… |
| CVE-2011-1223 |
high |
— |
7.2 |
|
|
ibm |
15y ago |
Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.… |
| CVE-2011-1222 |
high |
— |
7.2 |
|
|
ibm |
15y ago |
Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2… |
| CVE-2011-1224 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner… |
| CVE-2011-2682 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote authenticated users to cause a denial of service (license consumption) by trying to login to DOORS Web Access w… |
| CVE-2011-2679 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-2607 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165513. |
| CVE-2011-2606 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Ite… |
| CVE-2011-2173 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via request… |
| CVE-2011-2172 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-4806 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain r… |
| CVE-2011-2144 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
The eDocument Conversion Actions implementation in IBM Datacap Taskmaster Capture 8.0.1 FP1 and earlier allows remote attackers to cause a denial of service (batch abort) via a long subject line in a… |
| CVE-2011-2143 |
medium |
— |
6.8 |
|
|
ibm |
15y ago |
IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account n… |
| CVE-2011-2142 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
The Web Client Service in IBM Datacap Taskmaster Capture 8.0.1 before FP1 requires a cleartext password, which has unspecified impact and attack vectors. |
| CVE-2011-2141 |
high |
— |
7.5 |
|
|
ibm |
15y ago |
SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2011-1208 |
high |
— |
7.8 |
|
|
ibm |
15y ago |
IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpc_test_svc_readwrite an… |
| CVE-2011-1209 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext dat… |
| CVE-2011-1847 |
medium |
— |
4.9 |
|
|
ibm |
15y ago |
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABL… |
| CVE-2011-1846 |
medium |
— |
6.5 |
|
|
ibm |
15y ago |
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by le… |
| CVE-2011-1839 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirection from the authentication servlet to a PHP script, which makes it easier for context-dependent attackers to discover session I… |
| CVE-2011-1821 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 on Windows allows remote authenticated users to cause a denial of service (daemon hang) via a cn=changelog search. |
| CVE-2010-4789 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
Use-after-free vulnerability in the proxy-server implementation in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.65 (aka 6.0.0.8-TIV-ITDS-IF0007) and 6.3 before 6.3.0.1 (aka 6.3.0.0-TIV-ITDS-IF0… |
| CVE-2010-4788 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) does not perform certain locking of linked-list access, which allows remote authenticated users to cause a denial o… |
| CVE-2010-4787 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon hang) via a paged search that triggers impro… |
| CVE-2010-4786 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon crash or hang) via a paged search, as demons… |
| CVE-2010-4785 |
medium |
— |
4.0 |
|
linux-kernel |
ibm |
15y ago |
The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) on Linux, Solaris, and Windows allows remote authenticated users to cause… |
| CVE-2009-5073 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) by adding a nested g… |
| CVE-2009-5072 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.61 (aka 6.0.0.8-TIV-ITDS-IF0003) allows remote authenticated users to cause a denial of service (memo… |