Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2013-01-11 CVE-2012-4820 Remote Code Execution vulnerability in IBM Java
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."
9.3
2013-01-01 CVE-2012-5769 XML Parsing Unspecified Security vulnerability in IBM SPSS Modeler
IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
network
ibm
5.8
2012-12-28 CVE-2012-0741 Improper Input Validation vulnerability in IBM Rational Policy Tester and Security AppScan
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.
network
ibm CWE-20
5.8
2012-12-28 CVE-2012-0738 Improper Input Validation vulnerability in IBM Rational Policy Tester and Security AppScan
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.
network
ibm CWE-20
5.8
2012-12-26 CVE-2012-5951 Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli NetView
Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level.
local
low complexity
ibm CWE-264
7.2
2012-12-26 CVE-2012-4816 Permissions, Privileges, and Access Controls vulnerability in IBM Rational Automation Framework
IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080.
network
low complexity
ibm CWE-264
7.5
2012-12-21 CVE-2012-5954 Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management
Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows remote attackers to read or modify HSM-managed file system objects via unknown vectors.
network
low complexity
ibm
6.4
2012-12-21 CVE-2012-4859 Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management
Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows local users to read or modify file system objects via unknown vectors.
local
low complexity
ibm
7.2
2012-12-20 CVE-2012-5955 Unspecified vulnerability in IBM HTTP Server and WebSphere Application Server
Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors.
network
low complexity
ibm
critical
10.0
2012-12-20 CVE-2012-5765 Information Exposure vulnerability in IBM Rational ClearQuest
The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message.
network
low complexity
ibm CWE-200
5.0