Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2011-10-29 CVE-2011-1370 Configuration vulnerability in IBM Lotus Sametime
The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.
network
low complexity
ibm CWE-16
5.0
2011-10-29 CVE-2011-1368 Information Exposure vulnerability in IBM WebSphere Application Server 8.0.0.0
The JavaServer Faces (JSF) application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files via unknown vectors.
network
low complexity
ibm CWE-200
5.0
2011-10-29 CVE-2010-0780 Resource Management Errors vulnerability in IBM WebSphere MQ
IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager.
network
ibm CWE-399
4.3
2011-10-28 CVE-2011-1371 Cross-Site Scripting vulnerability in IBM WebSphere ILOG Rule Team Server 7.1.1
Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an Unknown Error document, a different vulnerability than CVE-2011-4171.
network
ibm CWE-79
4.3
2011-10-28 CVE-2011-1360 Cross-Site Scripting vulnerability in IBM HTTP Server
Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/.
network
ibm CWE-79
4.3
2011-10-24 CVE-2011-4171 Cross-Site Scripting vulnerability in IBM WebSphere ILOG Rule Team Server 7.1.1
Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the project parameter to teamserver/faces/home.jsp.
network
ibm CWE-79
4.3
2011-10-18 CVE-2011-4061 Unspecified vulnerability in IBM DB2 and Tivoli Monitoring for Databases
Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.
local
ibm
6.9
2011-10-05 CVE-2011-3982 Resource Management Errors vulnerability in IBM AIX 6.1/7.1
The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 does not properly handle DMA resource limitations, which allows local users to cause a denial of service (system hang) via vectors that generate a large amount of DMA I/O, related to a deadlock in timer processing across CPUs.
local
low complexity
ibm CWE-399
2.1
2011-09-20 CVE-2011-3577 Improper Authentication vulnerability in IBM WebSphere Commerce
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
network
low complexity
ibm CWE-287
critical
10.0
2011-09-19 CVE-2011-3576 Cross-Site Scripting vulnerability in IBM Lotus Domino 8.5.2
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf.
network
ibm CWE-79
4.3