Filtered by vendor Ibm
Total: 6982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-5062 | 1 Ibm | 3 Aix, Lotus Domino, Lotus Quickr | 2023-12-10 | 3.5 LOW | N/A |
IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9. | |||||
CVE-2011-0918 | 1 Ibm | 1 Lotus Domino | 2023-12-10 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE. | |||||
CVE-2010-3398 | 1 Ibm | 1 Lotus Sametime | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W. | |||||
CVE-2010-4602 | 1 Ibm | 1 Rational Clearquest | 2023-12-10 | 4.0 MEDIUM | N/A |
The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark. | |||||
CVE-2010-4274 | 1 Ibm | 1 Director Agent | 2023-12-10 | 4.4 MEDIUM | N/A |
reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership. | |||||
CVE-2008-7261 | 1 Ibm | 1 Filenet P8 Application Engine | 2023-12-10 | 2.1 LOW | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file. | |||||
CVE-2010-2087 | 3 Caucho, Ibm, Oracle | 3 Resin, Websphere Application Server, Mojarra | 2023-12-10 | 4.3 MEDIUM | N/A |
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object. | |||||
CVE-2010-4547 | 1 Ibm | 1 Lotus Notes Traveler | 2023-12-10 | 3.5 LOW | N/A |
IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain. | |||||
CVE-2011-1310 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 1.9 LOW | N/A |
The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files. | |||||
CVE-2011-1046 | 1 Ibm | 3 Filenet P8 Business Process Manager, Filenet P8 Content Engine, Filenet P8 Content Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors. | |||||
CVE-2011-5048 | 1 Ibm | 1 Web Experience Factory | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh and Dojo. | |||||
CVE-2010-2655 | 1 Ibm | 2 Advanced Management Module, Bladecenter | 2023-12-10 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter. | |||||
CVE-2010-3058 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2023-12-10 | 7.5 HIGH | N/A |
The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified vectors. | |||||
CVE-2010-0775 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components. | |||||
CVE-2011-3577 | 1 Ibm | 1 Websphere Commerce | 2023-12-10 | 10.0 HIGH | N/A |
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors. | |||||
CVE-2010-4593 | 1 Ibm | 1 Lotus Mobile Connect | 2023-12-10 | 4.0 MEDIUM | N/A |
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address exhaustion) by making invalid attempts to establish sessions with the same VPN ID from multiple devices. | |||||
CVE-2010-2068 | 4 Apache, Ibm, Microsoft and 1 more | 4 Http Server, Os2, Windows and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. | |||||
CVE-2010-1348 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors. | |||||
CVE-2011-2884 | 1 Ibm | 1 Lotus Symphony | 2023-12-10 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues." | |||||
CVE-2009-4998 | 1 Ibm | 1 Filenet P8 Application Engine | 2023-12-10 | 2.6 LOW | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. |