Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-10-05 | CVE-2010-3734 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5 The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack. | 5.0 |
| 2010-10-05 | CVE-2010-3733 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5 The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file. | 7.2 |
| 2010-10-05 | CVE-2010-3732 | Improper Input Validation vulnerability in IBM DB2 9.5 The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers. | 3.5 |
| 2010-10-05 | CVE-2010-3731 | Buffer Errors vulnerability in IBM DB2 9.5 Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string. | 10.0 |
| 2010-09-21 | CVE-2010-0781 | Unspecified vulnerability in IBM Websphere Application Server Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL. | 4.0 |
| 2010-09-20 | CVE-2010-3475 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.7/9.7.0.1/9.7.0.2 IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement. | 4.0 |
| 2010-09-20 | CVE-2010-3474 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.7/9.7.0.1/9.7.0.2 IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471. | 5.0 |
| 2010-09-20 | CVE-2010-3473 | Improper Input Validation vulnerability in IBM Filenet P8 Application Engine 3.5.1 Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
| 2010-09-20 | CVE-2010-3472 | Cross-Site Scripting vulnerability in IBM Filenet P8 Application Engine 3.5.1 Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-09-20 | CVE-2010-3471 | Improper Authentication vulnerability in IBM Filenet P8 Application Engine 4.0.2 Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors. | 4.3 |