Vendor CVEs
IBM
All CVEs
8,290 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-0720 | 0.00 | — | 0.02 | Jun 20, 2012 | Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2012-0717 | 0.00 | — | 0.01 | Jun 20, 2012 | IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors. | |||
| CVE-2012-0716 | 0.00 | — | 0.02 | Jun 20, 2012 | Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-1390 | 0.00 | — | 0.02 | May 14, 2012 | SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature. | |||
| CVE-2012-0745 | 0.00 | — | 0.00 | May 4, 2012 | The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2012-0737 | 0.00 | — | 0.01 | May 3, 2012 | Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-0736 | 0.00 | — | 0.03 | May 3, 2012 | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site. | |||
| CVE-2012-0735 | 0.00 | — | 0.01 | May 3, 2012 | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI. | |||
| CVE-2012-0734 | 0.00 | — | 0.01 | May 3, 2012 | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job. | |||
| CVE-2012-0733 | 0.00 | — | 0.01 | May 3, 2012 | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account. | |||
| CVE-2012-0732 | 0.00 | — | 0.01 | May 3, 2012 | The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||
| CVE-2012-0731 | 0.00 | — | 0.01 | May 3, 2012 | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors. | |||
| CVE-2012-0730 | 0.00 | — | 0.01 | May 3, 2012 | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | |||
| CVE-2012-0729 | 0.00 | — | 0.01 | May 3, 2012 | Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors. | |||
| CVE-2012-2162 | 0.00 | — | 0.01 | May 1, 2012 | The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers… | |||
| CVE-2012-0743 | 0.00 | — | 0.02 | Apr 22, 2012 | IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. | |||
| CVE-2012-0740 | 0.00 | — | 0.02 | Apr 22, 2012 | Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-0726 | 0.00 | — | 0.02 | Apr 22, 2012 | The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol. | |||
| CVE-2012-0742 | 0.00 | — | 0.00 | Apr 9, 2012 | IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data. | |||
| CVE-2012-1844 | 0.00 | — | 0.04 | Mar 22, 2012 | The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for… | |||
| CVE-2012-1837 | 0.00 | — | 0.01 | Mar 22, 2012 | The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive… | |||
| CVE-2012-0719 | 0.00 | — | 0.01 | Mar 22, 2012 | Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program. | |||
| CVE-2012-1797 | 0.00 | — | 0.02 | Mar 20, 2012 | IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. | |||
| CVE-2012-1796 | 0.00 | — | 0.00 | Mar 20, 2012 | Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors. | |||
| CVE-2012-0712 | 0.00 | — | 0.02 | Mar 20, 2012 | The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression. | |||
| CVE-2012-0711 | 0.00 | — | 0.05 | Mar 20, 2012 | Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer… | |||
| CVE-2012-0710 | 0.00 | — | 0.03 | Mar 20, 2012 | IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request. | |||
| CVE-2012-0709 | 0.00 | — | 0.02 | Mar 20, 2012 | IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements. | |||
| CVE-2012-0195 | 0.00 | — | 0.02 | Mar 13, 2012 | Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2;… | |||
| CVE-2011-4819 | 0.00 | — | 0.01 | Mar 13, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/. | |||
| CVE-2011-4818 | 0.00 | — | 0.01 | Mar 13, 2012 | Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component. | |||
| CVE-2011-4817 | 0.00 | — | 0.01 | Mar 13, 2012 | The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and… | |||
| CVE-2011-4816 | 0.00 | — | 0.02 | Mar 13, 2012 | SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli… | |||
| CVE-2011-1397 | 0.00 | — | 0.01 | Mar 13, 2012 | Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service… | |||
| CVE-2011-1396 | 0.00 | — | 0.01 | Mar 13, 2012 | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component. | |||
| CVE-2011-1395 | 0.00 | — | 0.01 | Mar 13, 2012 | Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter. | |||
| CVE-2011-1394 | 0.00 | — | 0.03 | Mar 13, 2012 | IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB)… | |||
| CVE-2012-0199 | 0.00 | — | 0.02 | Mar 6, 2012 | Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the… | |||
| CVE-2011-1385 | 0.00 | — | 0.04 | Mar 2, 2012 | IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194. | |||
| CVE-2012-0715 | 0.00 | — | 0.01 | Mar 2, 2012 | Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-0707 | 0.00 | — | 0.01 | Feb 23, 2012 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section. | |||
| CVE-2011-4890 | 0.00 | — | 0.02 | Feb 21, 2012 | The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a subquery. | |||
| CVE-2012-1046 | 0.00 | — | 0.01 | Feb 10, 2012 | Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696. | |||
| CVE-2012-0194 | 0.00 | — | 0.03 | Feb 6, 2012 | The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets. | |||
| CVE-2012-0192 | 0.00 | — | 0.05 | Jan 23, 2012 | Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer… | |||
| CVE-2012-0193 | 0.00 | — | 0.02 | Jan 20, 2012 | IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a… | |||
| CVE-2011-1376 | 0.00 | — | 0.00 | Jan 19, 2012 | iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard… | |||
| CVE-2012-0190 | 0.00 | — | 0.04 | Jan 18, 2012 | Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document. | |||
| CVE-2012-0189 | 0.00 | — | 0.04 | Jan 18, 2012 | Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document. | |||
| CVE-2012-0188 | 0.00 | — | 0.04 | Jan 18, 2012 | Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document. |
- CVE-2012-0720Jun 20, 2012risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
- CVE-2012-0717Jun 20, 2012risk 0.00cvss —epss 0.01
IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors.
- CVE-2012-0716Jun 20, 2012risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-1390May 14, 2012risk 0.00cvss —epss 0.02
SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.
- CVE-2012-0745May 4, 2012risk 0.00cvss —epss 0.00
The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.
- CVE-2012-0737May 3, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2012-0736May 3, 2012risk 0.00cvss —epss 0.03
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site.
- CVE-2012-0735May 3, 2012risk 0.00cvss —epss 0.01
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI.
- CVE-2012-0734May 3, 2012risk 0.00cvss —epss 0.01
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job.
- CVE-2012-0733May 3, 2012risk 0.00cvss —epss 0.01
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account.
- CVE-2012-0732May 3, 2012risk 0.00cvss —epss 0.01
The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2012-0731May 3, 2012risk 0.00cvss —epss 0.01
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.
- CVE-2012-0730May 3, 2012risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
- CVE-2012-0729May 3, 2012risk 0.00cvss —epss 0.01
Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors.
- CVE-2012-2162May 1, 2012risk 0.00cvss —epss 0.01
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers…
- CVE-2012-0743Apr 22, 2012risk 0.00cvss —epss 0.02
IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request.
- CVE-2012-0740Apr 22, 2012risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2012-0726Apr 22, 2012risk 0.00cvss —epss 0.02
The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.
- CVE-2012-0742Apr 9, 2012risk 0.00cvss —epss 0.00
IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data.
- CVE-2012-1844Mar 22, 2012risk 0.00cvss —epss 0.04
The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for…
- CVE-2012-1837Mar 22, 2012risk 0.00cvss —epss 0.01
The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive…
- CVE-2012-0719Mar 22, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program.
- CVE-2012-1797Mar 20, 2012risk 0.00cvss —epss 0.02
IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors.
- CVE-2012-1796Mar 20, 2012risk 0.00cvss —epss 0.00
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.
- CVE-2012-0712Mar 20, 2012risk 0.00cvss —epss 0.02
The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.
- CVE-2012-0711Mar 20, 2012risk 0.00cvss —epss 0.05
Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer…
- CVE-2012-0710Mar 20, 2012risk 0.00cvss —epss 0.03
IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request.
- CVE-2012-0709Mar 20, 2012risk 0.00cvss —epss 0.02
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.
- CVE-2012-0195Mar 13, 2012risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2;…
- CVE-2011-4819Mar 13, 2012risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/.
- CVE-2011-4818Mar 13, 2012risk 0.00cvss —epss 0.01
Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component.
- CVE-2011-4817Mar 13, 2012risk 0.00cvss —epss 0.01
The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and…
- CVE-2011-4816Mar 13, 2012risk 0.00cvss —epss 0.02
SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli…
- CVE-2011-1397Mar 13, 2012risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service…
- CVE-2011-1396Mar 13, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component.
- CVE-2011-1395Mar 13, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter.
- CVE-2011-1394Mar 13, 2012risk 0.00cvss —epss 0.03
IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB)…
- CVE-2012-0199Mar 6, 2012risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the…
- CVE-2011-1385Mar 2, 2012risk 0.00cvss —epss 0.04
IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194.
- CVE-2012-0715Mar 2, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2012-0707Feb 23, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section.
- CVE-2011-4890Feb 21, 2012risk 0.00cvss —epss 0.02
The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a subquery.
- CVE-2012-1046Feb 10, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696.
- CVE-2012-0194Feb 6, 2012risk 0.00cvss —epss 0.03
The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets.
- CVE-2012-0192Jan 23, 2012risk 0.00cvss —epss 0.05
Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer…
- CVE-2012-0193Jan 20, 2012risk 0.00cvss —epss 0.02
IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a…
- CVE-2011-1376Jan 19, 2012risk 0.00cvss —epss 0.00
iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard…
- CVE-2012-0190Jan 18, 2012risk 0.00cvss —epss 0.04
Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.
- CVE-2012-0189Jan 18, 2012risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document.
- CVE-2012-0188Jan 18, 2012risk 0.00cvss —epss 0.04
Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.
Page 144 of 166