IBM vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK
2012-10-20 | CVE-2012-2167 | Remote Denial of Service vulnerability in IBM products | Risk: 7.8
The IBM XIV Storage System Gen3 before 11.1.0.a allows remote attackers to cause a denial of service (device outage) via TCP packets to unspecified ports.
Attack vector: network. Attack complexity: low. Vendor: ibm.
2012-10-20 | CVE-2012-4845 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and VIOS | Risk: 6.8
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.
Attack vector: network. Attack complexity: low. Vendor: ibm. CWE: CWE-264.
2012-10-20 | CVE-2012-4826 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 | Risk: 8.5
Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure.
Attack vector: network. Vendor: ibm. CWE: CWE-119.
2012-10-08 | CVE-2012-5309 | Improper Authentication vulnerability in IBM Lotus Notes Traveler | Risk: 6.8
servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
Attack vector: network. Vendor: ibm. CWE: CWE-287.
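The weakness behind CVE-2012-5309 is the absence of any limit on failed logins against one endpoint. The following is an added example of the missing control, written for this page and not taken from IBM or Traveler: a sliding-window failure counter with exponential backoff in front of the credential check. The window, limit and delay values and the (account, client address) key are assumptions chosen for illustration; the clock is injectable so the behaviour is deterministic.

```python
"""Added example (not IBM/Traveler code): throttling invalid authentication
attempts so an endpoint cannot be brute-forced at network speed. Values for
window, limit and delay are illustrative assumptions."""
import time
from collections import defaultdict, deque


class AuthThrottle:
    """Sliding-window failure counter with exponential backoff per key.

    Key by (account, client address) rather than by account alone, so one
    attacker spraying failures cannot lock every legitimate user out.
    """

    def __init__(self, window_s=300, max_failures=5, base_delay_s=2.0,
                 clock=time.monotonic):
        self.window_s = window_s
        self.max_failures = max_failures
        self.base_delay_s = base_delay_s
        self.clock = clock
        self._failures = defaultdict(deque)  # key -> timestamps of failures

    def _prune(self, key, now):
        q = self._failures[key]
        while q and now - q[0] > self.window_s:
            q.popleft()
        return q

    def retry_after(self, key):
        """Seconds the caller must wait before another attempt; 0.0 if allowed."""
        now = self.clock()
        q = self._prune(key, now)
        excess = len(q) - self.max_failures
        if excess < 0:
            return 0.0
        # 5th failure in the window -> 2 s, 6th -> 4 s, 7th -> 8 s, capped at the window.
        delay = min(self.base_delay_s * 2 ** excess, self.window_s)
        return max(0.0, q[-1] + delay - now)

    def record_failure(self, key):
        self._failures[key].append(self.clock())

    def record_success(self, key):
        self._failures.pop(key, None)


def attempt_login(throttle, key, password_ok):
    """Gate a credential check behind the throttle; returns a status string."""
    wait = throttle.retry_after(key)
    if wait > 0:
        return f"throttled:{wait:.0f}s"   # attempt is refused and NOT counted
    if password_ok:
        throttle.record_success(key)
        return "ok"
    throttle.record_failure(key)
    return "denied"


class FakeClock:
    """Deterministic stand-in for time.monotonic() used by the demo."""
    def __init__(self, start=1000.0):
        self.t = start

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def demo():
    clock = FakeClock()
    throttle = AuthThrottle(clock=clock)
    key = ("alice", "198.51.100.7")          # constructed (account, client) pair
    results = []
    for _ in range(5):                       # five wrong passwords, one per second
        results.append(attempt_login(throttle, key, password_ok=False))
        clock.advance(1)
    # The right password is refused until the backoff has expired...
    results.append(attempt_login(throttle, key, password_ok=True))
    clock.advance(1)
    # ...and accepted afterwards; success clears the counter.
    results.append(attempt_login(throttle, key, password_ok=True))
    return results


if __name__ == "__main__":
    print(demo())
```

Throttled attempts are refused without being counted, so the lockout is bounded by the attacker's own failures rather than extended indefinitely. Keying on the client address means an attacker rotating sources still gets `max_failures` per source; in practice this is paired with a much higher per-account ceiling or a challenge step, and with a generic error message so the response does not reveal whether the account exists.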
2012-10-08 | CVE-2012-5308 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Lotus Notes Traveler | Risk: 6.8
Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action.
Attack vector: network. Vendor: ibm. CWE: CWE-352.
2012-10-08 | CVE-2012-5307 | Cross-Site Scripting vulnerability in IBM Lotus Notes Traveler | Risk: 2.6
Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825.
Attack vector: network. Attack complexity: high. Vendor: ibm. CWE: CWE-79.
2012-10-08 | CVE-2012-4825 | Cross-Site Scripting vulnerability in IBM Lotus Notes Traveler | Risk: 4.3
Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action.
Attack vector: network. Vendor: ibm. CWE: CWE-79.
2012-10-08 | CVE-2012-4824 | Improper Input Validation vulnerability in IBM Lotus Notes Traveler | Risk: 5.8
Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter.
Attack vector: network. Vendor: ibm. CWE: CWE-20.
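CVE-2012-4824 and CVE-2012-5307 are two consequences of the same unvalidated redirectURL parameter: one sends the browser off-site, the other reflects a value whose scheme the browser is willing to execute. The block below is an added example of how such a parameter is normalised before it reaches a Location header or a page; it is not IBM code, the allowed host is an assumed deployment value, and the bypass strings it checks are constructed test cases, not payloads from the advisories. It goes beyond the two entries in covering the parser mismatches (backslashes, triple slashes, userinfo, control characters) that defeat a naive "starts with /" check.

```python
"""Added example (not IBM/Traveler code): normalising a redirectURL-style
parameter so the result can never leave the site or carry a scheme into a page.
ALLOWED_HOSTS is an assumed deployment value."""
from urllib.parse import urlsplit, urlunsplit

ALLOWED_HOSTS = {"traveler.example.com"}   # assumption: hosts this app serves
SAFE_SCHEMES = {"http", "https"}


def safe_redirect_target(candidate: str, default: str = "/") -> str:
    """Return a site-local path for `candidate`, or `default` if it is unsafe.

    The result never contains a scheme or authority, so it cannot redirect
    off-site and a reflected copy cannot become a javascript: URL.
    """
    if not candidate:
        return default
    cleaned = candidate.strip()
    # Reject control characters BEFORE parsing: recent urlsplit() silently drops
    # \t \r \n, which would hide a CRLF header-injection attempt from the checks.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in cleaned):
        return default
    # Browsers treat "\" like "/" in the authority, so "/\evil.example" is
    # protocol-relative to them; make urlsplit see the same thing.
    cleaned = cleaned.replace("\\", "/")
    # Protocol-relative is never acceptable. "///evil.example" is included here
    # because urlsplit reads it as a path while browsers read it as a host.
    if cleaned.startswith("//"):
        return default
    parts = urlsplit(cleaned)
    if parts.scheme:
        if parts.scheme not in SAFE_SCHEMES:          # javascript:, data:, ...
            return default
        # .hostname drops userinfo and port and is lowercased, so
        # "https://traveler.example.com@evil.example/" resolves to evil.example.
        if parts.hostname is None or parts.hostname not in ALLOWED_HOSTS:
            return default
        path = parts.path or "/"
    else:
        if parts.netloc or not parts.path.startswith("/"):
            return default
        path = parts.path
    # A path beginning "//" would re-emit as protocol-relative, e.g. from
    # "https://traveler.example.com//evil.example/".
    if path.startswith("//"):
        return default
    return urlunsplit(("", "", path, parts.query, ""))   # fragment is dropped


# Constructed inputs: what a naive startswith("/") check lets through.
CASES = (
    "/servlet/traveler?x=1",
    "https://traveler.example.com/a?b=c#frag",
    "//evil.example/",
    "///evil.example/",
    "/\\evil.example/",
    "javascript:alert(1)",
    "https://traveler.example.com@evil.example/",
    "https://traveler.example.com//evil.example/",
    "/x\r\nSet-Cookie: a=b",
)

if __name__ == "__main__":
    for case in CASES:
        print(f"{case!r:50} -> {safe_redirect_target(case)!r}")
```

Returning a path-only value rather than echoing the validated URL is the design point: whatever the browser does with slashes, userinfo or schemes, there is nothing left in the output for it to reinterpret.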
2012-10-02 | CVE-2012-3314 | Improper Input Validation vulnerability in IBM products | Risk: 5.8
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned elements, (2) incorrect validation of XML messages, or (3) a certificate-chain validation bypass for an XML signature element that contains the signing certificate.
Attack vector: network. Vendor: ibm. CWE: CWE-20.
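Item (1) in the entry above is the classic failure mode of SAML consumers: the signature is cryptographically valid, but the Assertion the relying party acts on is not the element the signature covers. The block below is an added example, written for this page and not IBM or TFIM code, of the structural check that closes that gap: it resolves each enveloped ds:Reference, requires unique IDs, and accepts the Assertion only if it sits inside a signed subtree. Digest and SignatureValue verification and key trust are assumed to be done by an XML-DSig library and are not performed here, and item (3), certificate-chain validation, is out of scope. The "exactly one Assertion, directly under the Response" rule is a policy assumption of this example, and the sample messages are constructed.

```python
"""Added example (not IBM/TFIM code): structural check that the consumed SAML
Assertion lies inside the subtree covered by an enveloped XML Signature.
Cryptographic verification is assumed to happen in an XML-DSig library."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ASSERTION = "{%s}Assertion" % NS["saml"]
SIGNATURE = "{%s}Signature" % NS["ds"]
REFERENCE = "{%s}Reference" % NS["ds"]


class SamlStructureError(ValueError):
    """The message layout would let unsigned content be trusted."""


def select_signed_assertion(xml_text: str) -> ET.Element:
    """Return the single Assertion if a signature covers it, else raise."""
    root = ET.fromstring(xml_text)
    parent = {child: node for node in root.iter() for child in node}

    # IDs must be unique: with a duplicate, "#id" can resolve to an attacker copy.
    by_id = {}
    for node in root.iter():
        node_id = node.get("ID")
        if node_id is not None:
            if node_id in by_id:
                raise SamlStructureError("duplicate ID %r" % node_id)
            by_id[node_id] = node

    # Policy (assumption of this example): exactly one Assertion, and a direct
    # child of the Response, so none can hide in Extensions or ds:Object.
    assertions = list(root.iter(ASSERTION))
    if len(assertions) != 1:
        raise SamlStructureError("expected one Assertion, found %d" % len(assertions))
    assertion = assertions[0]
    if parent.get(assertion) is not root:
        raise SamlStructureError("Assertion is not a direct child of the Response")

    # An enveloped signature protects only its parent element, and that parent
    # must be the element its Reference names.
    covered = []
    for sig in root.iter(SIGNATURE):
        refs = list(sig.iter(REFERENCE))
        if len(refs) != 1 or not refs[0].get("URI", "").startswith("#"):
            raise SamlStructureError("unsupported or missing ds:Reference")
        target = by_id.get(refs[0].get("URI")[1:])
        if target is None or parent.get(sig) is not target:
            raise SamlStructureError("Signature does not envelop the element it references")
        covered.append(target)
    if not covered:
        raise SamlStructureError("message carries no Signature")

    # Trust the Assertion only if it, or an ancestor, is a covered element.
    node = assertion
    while node is not None:
        if node in covered:
            return assertion
        node = parent.get(node)
    raise SamlStructureError("Assertion lies outside every signed subtree")


def verdict(xml_text: str) -> str:
    """'accepted:<NameID>' or 'rejected:<reason>' for one message."""
    try:
        assertion = select_signed_assertion(xml_text)
    except SamlStructureError as exc:
        return "rejected:%s" % exc
    return "accepted:%s" % assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)


# Constructed sample messages; the SignatureValue is a placeholder.
def _response(children):
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="_r1">'
            '%s</samlp:Response>' % (NS["samlp"], NS["saml"], NS["ds"], children))

def _signature(target_id):
    return ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s"/></ds:SignedInfo>'
            '<ds:SignatureValue>c2ln</ds:SignatureValue></ds:Signature>' % target_id)

def _assertion(assertion_id, inner=""):
    return ('<saml:Assertion ID="%s">%s<saml:Subject><saml:NameID>alice</saml:NameID>'
            '</saml:Subject></saml:Assertion>' % (assertion_id, inner))

SAMPLES = {
    "assertion_signed": _response(_assertion("_a1", _signature("_a1"))),
    "response_signed": _response(_signature("_r1") + _assertion("_a1")),
    "unsigned": _response(_assertion("_a1")),
    "wrapped": _response(_assertion("_evil") + _assertion("_a1", _signature("_a1"))),
    "duplicate_id": _response(_assertion("_a1") + _assertion("_a1", _signature("_a1"))),
    "signed_other": _response('<samlp:Extensions ID="_x">%s</samlp:Extensions>%s'
                              % (_signature("_x"), _assertion("_a1"))),
}

if __name__ == "__main__":
    for name, doc in SAMPLES.items():
        print("%-17s %s" % (name, verdict(doc)))
```

Run this after, not instead of, the library's signature verification: the library answers "is this signature valid over the bytes it names", and this check answers "is the element I am about to trust among those bytes". Consumers that pick the first Assertion they find, or resolve IDs without checking uniqueness, answer only the first question.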
2012-10-01 | CVE-2012-4833 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and VIOS | Risk: 2.1
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.
Attack vector: local. Attack complexity: low. Vendor: ibm. CWE: CWE-264.