Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-03-03 | CVE-2010-0921 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Lotus Inotes Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes." | 6.8 |
| 2010-03-03 | CVE-2010-0920 | Cross-Site Scripting vulnerability in IBM Lotus Inotes Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes." | 4.3 |
| 2010-03-03 | CVE-2010-0919 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Domino web Access and Lotus Inotes Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ. | 7.6 |
| 2010-03-03 | CVE-2010-0918 | Security vulnerability in IBM Domino Web Access Prior to 229.281 Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors. | 10.0 |
| 2010-02-26 | CVE-2010-0715 | Remote Security vulnerability in Websphere Portal Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string. network ibm | 6.8 |
| 2010-02-26 | CVE-2010-0714 | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
| 2010-02-25 | CVE-2010-0704 | Cross-Site Scripting vulnerability in IBM Websphere Portal 6.0.1.5 Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field. | 4.3 |
| 2010-02-08 | CVE-2010-0563 | Information Exposure vulnerability in IBM Websphere Application Server The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted. | 5.0 |
| 2010-02-05 | CVE-2010-0557 | Credentials Management vulnerability in IBM Cognos Express 9.0 IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials. | 7.5 |
| 2010-02-05 | CVE-2009-2752 | Cryptographic Issues vulnerability in IBM Websphere Commerce 7.0 IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. | 1.5 |