Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-04-22 | CVE-2012-0740 | Cross-Site Scripting vulnerability in IBM Tivoli Directory Server: Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-04-22 | CVE-2012-0726 | Cryptographic Issues vulnerability in IBM Tivoli Directory Server: The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol. | 6.4 |
2012-04-22 | CVE-2012-0708 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM Rational ClearQuest: Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch. | 9.3 |
2012-04-09 | CVE-2012-0742 | Information Exposure vulnerability in IBM Tivoli Event Pump 4.2.2: IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data. | 1.9 |
2012-03-22 | CVE-2012-1844 | Credentials Management vulnerability in multiple products: The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors. | 7.5 |
2012-03-22 | CVE-2012-1837 | Information Exposure vulnerability in IBM Tivoli Endpoint Manager 8.0/8.1: The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 5.0 |
2012-03-22 | CVE-2012-0719 | Cross-Site Scripting vulnerability in IBM Tivoli Endpoint Manager 8.0/8.1/8.2: Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program. | 4.3 |
2012-03-20 | CVE-2012-1797 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5: IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. | 10.0 |
2012-03-20 | CVE-2012-1796 | Local Security vulnerability in IBM DB2 9.5: Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors. | 7.2 |
2012-03-20 | CVE-2012-0712 | Resource Management Errors vulnerability in IBM DB2 9.5/9.7/9.8: The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression. | 4.0 |