Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-09-24 | CVE-2014-6271 | OS Command Injection vulnerability in multiple products GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. | 9.8 |
| 2014-08-29 | CVE-2014-4806 | Insufficiently Protected Credentials vulnerability in IBM Security Appscan The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file. | 5.5 |
| 2014-07-07 | CVE-2013-3993 | Path Traversal vulnerability in IBM Infosphere Biginsights IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls. | 6.5 |
| 2008-05-09 | CVE-2008-2122 | Missing Release of Resource after Effective Lifetime vulnerability in IBM Rational Build Forge 7.0.2 IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets. | 7.5 |
| 2007-10-29 | CVE-2007-5544 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Lotus Notes IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. | 7.8 |
| 2007-07-18 | CVE-2007-3268 | Divide By Zero vulnerability in IBM Tivoli Provisioning Manager OS Deployment 5.1.0.2 The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error. | 7.5 |
| 2005-12-31 | CVE-2005-4868 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM DB2 Universal Database Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | 7.1 |
| 2003-08-18 | CVE-2003-0578 | Link Following vulnerability in IBM U2 Universe 10.0.0.9 cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files. | 7.8 |
| 2000-06-08 | CVE-2000-0497 | Improper Handling of Case Sensitivity vulnerability in IBM Websphere Application Server 3.0.2 IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. | 7.5 |