Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2011-10-28 CVE-2011-1360 Cross-Site Scripting vulnerability in IBM HTTP Server
Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/.
network
ibm CWE-79
4.3
2011-10-24 CVE-2011-4171 Cross-Site Scripting vulnerability in IBM WebSphere ILOG Rule Team Server 7.1.1
Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the project parameter to teamserver/faces/home.jsp.
network
ibm CWE-79
4.3
2011-10-18 CVE-2011-4061 Unspecified vulnerability in IBM DB2 and Tivoli Monitoring for Databases
Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.
local
ibm
6.9
2011-10-05 CVE-2011-3982 Resource Management Errors vulnerability in IBM AIX 6.1/7.1
The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 does not properly handle DMA resource limitations, which allows local users to cause a denial of service (system hang) via vectors that generate a large amount of DMA I/O, related to a deadlock in timer processing across CPUs.
local
low complexity
ibm CWE-399
2.1
2011-09-20 CVE-2011-3577 Improper Authentication vulnerability in IBM WebSphere Commerce
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
network
low complexity
ibm CWE-287
critical
10.0
2011-09-19 CVE-2011-3576 Cross-Site Scripting vulnerability in IBM Lotus Domino 8.5.2
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf.
network
ibm CWE-79
4.3
2011-09-19 CVE-2011-3575 Buffer Errors vulnerability in IBM Lotus Domino 8.5.2
Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf.
network
low complexity
ibm CWE-119
critical
9.0
2011-09-08 CVE-2011-3391 Permissions, Privileges, and Access Controls vulnerability in IBM Rational Build Forge 7.1.2
IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing a disable attribute in the Security sub-menu.
network
low complexity
ibm CWE-264
4.0
2011-09-06 CVE-2011-3390 Cross-Site Scripting vulnerability in IBM OpenAdmin Tool
Multiple cross-site scripting (XSS) vulnerabilities in index.php in IBM OpenAdmin Tool (OAT) before 2.72 for Informix allow remote attackers to inject arbitrary web script or HTML via the (1) informixserver, (2) host, or (3) port parameter in a login action.
network
ibm CWE-79
4.3
2011-09-06 CVE-2011-1359 Path Traversal vulnerability in IBM WebSphere Application Server
Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a ..
network
low complexity
ibm CWE-22
5.0