Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2012-09-25 CVE-2012-3298 Denial-Of-Service vulnerability in IBM Websphere Commerce 7.0
Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
network
low complexity
ibm
critical
 10.0
10
2012-09-25 CVE-2012-2199 Resource Management Errors vulnerability in IBM Websphere MQ
The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid address alignment exception and daemon crash) via vectors involving a multiplexed channel.
network
low complexity
ibm oracle CWE-399
5.0
5.0
2012-09-25 CVE-2012-2187 Cryptographic Issues vulnerability in IBM Remote Supervisor Adapter II Firmware
IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.
network
low complexity
ibm CWE-310
5.0
5.0
2012-09-14 CVE-2012-4817 Unspecified vulnerability in IBM AIX and Vios
The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.
network
low complexity
ibm
5.0
5.0
2012-09-10 CVE-2012-3326 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
4.3
2012-09-10 CVE-2012-3313 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
4.3
2012-09-10 CVE-2012-2185 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-200
4.0
4.0
2012-09-10 CVE-2012-2184 Unspecified vulnerability in IBM products
Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
network
ibm
6.8
6.8
2012-09-10 CVE-2012-2183 Unspecified vulnerability in IBM products
Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
network
ibm
6.8
6.8
2012-09-10 CVE-2012-0747 SQL Injection vulnerability in IBM products
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5
6.5