Vulnerabilities > IBM > Iseries AS 400
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-1238 | Remote Security vulnerability in Iseries As 400 By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request. | 7.5 |
2005-05-02 | CVE-2005-1133 | Remote Information Disclosure vulnerability in IBM iSeries AS400 POP3 Server The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. | 5.0 |
2005-05-02 | CVE-2005-1025 | Information Disclosure vulnerability in IBM Iseries AS 400 4.3 The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library. | 5.0 |