VYPR

Vendor CVEs

IBM

All CVEs

8,290 total · sorted by risk
  • CVE-2012-0720Jun 20, 2012
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2012-0717Jun 20, 2012
    risk 0.00cvss epss 0.01

    IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors.

  • CVE-2012-0716Jun 20, 2012
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-1390May 14, 2012
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.

  • CVE-2012-0745May 4, 2012
    risk 0.00cvss epss 0.00

    The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.

  • CVE-2012-0737May 3, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-0736May 3, 2012
    risk 0.00cvss epss 0.03

    IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site.

  • CVE-2012-0735May 3, 2012
    risk 0.00cvss epss 0.01

    IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI.

  • CVE-2012-0734May 3, 2012
    risk 0.00cvss epss 0.01

    IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job.

  • CVE-2012-0733May 3, 2012
    risk 0.00cvss epss 0.01

    IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account.

  • CVE-2012-0732May 3, 2012
    risk 0.00cvss epss 0.01

    The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2012-0731May 3, 2012
    risk 0.00cvss epss 0.01

    IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.

  • CVE-2012-0730May 3, 2012
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

  • CVE-2012-0729May 3, 2012
    risk 0.00cvss epss 0.01

    Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors.

  • CVE-2012-2162May 1, 2012
    risk 0.00cvss epss 0.01

    The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers…

  • CVE-2012-0743Apr 22, 2012
    risk 0.00cvss epss 0.02

    IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request.

  • CVE-2012-0740Apr 22, 2012
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-0726Apr 22, 2012
    risk 0.00cvss epss 0.02

    The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.

  • CVE-2012-0742Apr 9, 2012
    risk 0.00cvss epss 0.00

    IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data.

  • CVE-2012-1844Mar 22, 2012
    risk 0.00cvss epss 0.04

    The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for…

  • CVE-2012-1837Mar 22, 2012
    risk 0.00cvss epss 0.01

    The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive…

  • CVE-2012-0719Mar 22, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program.

  • CVE-2012-1797Mar 20, 2012
    risk 0.00cvss epss 0.02

    IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors.

  • CVE-2012-1796Mar 20, 2012
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.

  • CVE-2012-0712Mar 20, 2012
    risk 0.00cvss epss 0.02

    The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.

  • CVE-2012-0711Mar 20, 2012
    risk 0.00cvss epss 0.05

    Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer…

  • CVE-2012-0710Mar 20, 2012
    risk 0.00cvss epss 0.03

    IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request.

  • CVE-2012-0709Mar 20, 2012
    risk 0.00cvss epss 0.02

    IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.

  • CVE-2012-0195Mar 13, 2012
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2;…

  • CVE-2011-4819Mar 13, 2012
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/.

  • CVE-2011-4818Mar 13, 2012
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component.

  • CVE-2011-4817Mar 13, 2012
    risk 0.00cvss epss 0.01

    The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and…

  • CVE-2011-4816Mar 13, 2012
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli…

  • CVE-2011-1397Mar 13, 2012
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service…

  • CVE-2011-1396Mar 13, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component.

  • CVE-2011-1395Mar 13, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter.

  • CVE-2011-1394Mar 13, 2012
    risk 0.00cvss epss 0.03

    IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB)…

  • CVE-2012-0199Mar 6, 2012
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the…

  • CVE-2011-1385Mar 2, 2012
    risk 0.00cvss epss 0.04

    IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194.

  • CVE-2012-0715Mar 2, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-0707Feb 23, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section.

  • CVE-2011-4890Feb 21, 2012
    risk 0.00cvss epss 0.02

    The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a subquery.

  • CVE-2012-1046Feb 10, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696.

  • CVE-2012-0194Feb 6, 2012
    risk 0.00cvss epss 0.03

    The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets.

  • CVE-2012-0192Jan 23, 2012
    risk 0.00cvss epss 0.05

    Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer…

  • CVE-2012-0193Jan 20, 2012
    risk 0.00cvss epss 0.02

    IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a…

  • CVE-2011-1376Jan 19, 2012
    risk 0.00cvss epss 0.00

    iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard…

  • CVE-2012-0190Jan 18, 2012
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.

  • CVE-2012-0189Jan 18, 2012
    risk 0.00cvss epss 0.04

    Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document.

  • CVE-2012-0188Jan 18, 2012
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.

Page 144 of 166