OS/400
by IBM
CVEs (9)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2002-1731 | | 0.03 | — | 0.02 | | Dec 31, 2002 | The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF. |
| CVE-2009-2030 | | 0.00 | — | 0.01 | | Jun 11, 2009 | Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH." |
| CVE-2008-2709 | | 0.00 | — | 0.00 | | Jun 16, 2008 | Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios. |
| CVE-2008-0694 | | 0.00 | — | 0.00 | | Feb 12, 2008 | Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. |
| CVE-2007-3537 | | 0.00 | — | 0.01 | | Jul 3, 2007 | IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules. |
| CVE-2007-0442 | | 0.00 | — | 0.00 | | Jan 23, 2007 | Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain. |
| CVE-2006-6836 | | 0.00 | — | 0.01 | | Dec 31, 2006 | Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing. |
| CVE-2005-0899 | | 0.00 | — | 0.00 | | May 2, 2005 | AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search. |
| CVE-2005-1182 | | 0.00 | — | 0.01 | | May 2, 2005 | Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs. |