Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2012-03-13 CVE-2011-1394 Resource Management Errors vulnerability in IBM products
IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session.
network
low complexity
ibm CWE-399
5.0
2012-03-06 CVE-2012-0199 SQL Injection vulnerability in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1
Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file.
network
low complexity
ibm CWE-89
7.5
2012-03-06 CVE-2012-0198 Unspecified vulnerability in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1
Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.
network
ibm
critical
9.3
2012-03-02 CVE-2011-1385 Resource Management Errors vulnerability in IBM AIX and VIOS
IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194.
network
low complexity
ibm CWE-399
7.8
2012-03-02 CVE-2012-0715 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2012-03-02 CVE-2012-0201 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM Personal Communications 5.9.7.0/5.9.7.1/6.0.3.0
Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.
network
ibm CWE-119
critical
9.3
2012-02-23 CVE-2012-0707 Cross-Site Scripting vulnerability in IBM WebSphere Application Server 7.2
Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section.
network
ibm CWE-79
4.3
2012-02-21 CVE-2012-0200 Unspecified vulnerability in IBM solidDB
The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a redundant WHERE condition.
network
low complexity
ibm
4.0
2012-02-21 CVE-2011-4890 Improper Input Validation vulnerability in IBM solidDB
The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a subquery.
network
low complexity
ibm CWE-20
4.0
2012-02-10 CVE-2012-1046 Cross-Site Scripting vulnerability in IBM Cognos TM1 9.5.2
Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696.
network
ibm CWE-79
4.3