Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-06-18 | CVE-2010-2324 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. | 7.5 |
2010-06-18 | CVE-2010-2323 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT. | 5.0 |
2010-06-15 | CVE-2010-2280 | Remote Security vulnerability in Lotus Connections 2.5.0/2.5.0.1 Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH. network ibm | 4.3 |
2010-06-15 | CVE-2010-2279 | Remote Security vulnerability in Lotus Connections 2.5.0/2.5.0.1 The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors. | 7.6 |
2010-06-15 | CVE-2010-2278 | Remote Security vulnerability in Lotus Connections 2.5.0/2.5.0.1 The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. | 4.0 |
2010-06-15 | CVE-2010-2277 | Cross-Site Scripting vulnerability in IBM Lotus Connections 2.5.0/2.5.0.1 Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component. | 4.3 |
2010-05-27 | CVE-2010-2090 | Improper Input Validation vulnerability in IBM Communications Server 6.1.3/6.3.1.0 The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small. | 5.0 |
2010-05-27 | CVE-2010-2087 | Cross-Site Scripting vulnerability in Oracle Mojarra 1.214/2.0.2 Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object. | 4.3 |
2010-05-20 | CVE-2010-1039 | USE of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name. | 10.0 |
2010-05-17 | CVE-2010-0777 | Improper Input Validation vulnerability in IBM Websphere Application Server The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file. | 2.6 |