Filtered by vendor Ibm
Total: 6536 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-3760 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2010-10-06 | 7.8 HIGH | N/A |
FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly handle a certain failure to allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash, and recovery failure) by specifying a large size value within TCP packet data. NOTE: this might overlap CVE-2010-3061. | |||||
CVE-2010-3739 | 1 Ibm | 1 Db2 Universal Database | 2010-10-05 | 6.4 MEDIUM | N/A |
The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery. | |||||
CVE-2010-3470 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-3471 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 4.3 MEDIUM | N/A |
Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
CVE-2010-3472 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-3473 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2008-7261 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 2.1 LOW | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file. | |||||
CVE-2006-7241 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 4.0 MEDIUM | N/A |
The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. | |||||
CVE-2006-7242 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 4.0 MEDIUM | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2009-4998 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 2.6 LOW | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2009-4999 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field. | |||||
CVE-2009-5000 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages. | |||||
CVE-2009-5001 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 4.0 MEDIUM | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. | |||||
CVE-2009-5002 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 6.4 MEDIUM | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection. | |||||
CVE-2010-3398 | 1 Ibm | 1 Lotus Sametime | 2010-09-15 | 10.0 HIGH | N/A |
Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W. | |||||
CVE-2010-3317 | 1 Ibm | 1 Filenet Content Manager | 2010-09-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-3318 | 1 Ibm | 1 Filenet Content Manager | 2010-09-13 | 5.0 MEDIUM | N/A |
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2010-3319 | 1 Ibm | 1 Filenet Content Manager | 2010-09-13 | 5.0 MEDIUM | N/A |
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file. | |||||
CVE-2010-3320 | 1 Ibm | 1 Filenet Content Manager | 2010-09-13 | 6.8 MEDIUM | N/A |
Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2010-3058 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2010-08-23 | 7.5 HIGH | N/A |
The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified vectors. |