Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2010-02-04 CVE-2009-2750 Configuration vulnerability in IBM WebSphere Service Registry and Repository 6.3.0/6.3.0.1
IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access via a property query.
network
low complexity
ibm CWE-16
5.5
2010-02-02 CVE-2010-0472 Remote Denial of Service vulnerability in IBM DB2 9.7.0.1
kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.
network
low complexity
ibm
5.0
2010-01-28 CVE-2010-0462 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM DB2 9.1/9.5/9.7
Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.
network
low complexity
ibm CWE-119
6.5
2010-01-25 CVE-2008-7253 Configuration vulnerability in IBM Lotus Domino Server
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
network
ibm CWE-16
4.3
2010-01-20 CVE-2010-0358 Buffer Errors vulnerability in IBM Lotus Domino 7.0/8.5.0.1
Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087.
network
low complexity
ibm CWE-119
critical
10.0
2010-01-20 CVE-2010-0357 Cross-Site Scripting vulnerability in IBM Lotus Web Content Management
Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for WebSphere Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
network
ibm CWE-79
4.3
2010-01-14 CVE-2010-0312 Improper Input Validation vulnerability in IBM Tivoli Directory Server 6.2
The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.2 on Linux allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SecureWay 3.2 Event Registration Request (aka a 1.3.18.0.2.12.1 request).
network
low complexity
ibm linux CWE-20
5.0
2010-01-14 CVE-2010-0311 Privilege Escalation vulnerability in Sun Java System Identity Server 8.1.0.5/8.1.0.6
Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors.
network
sun ibm
6.8
2010-01-09 CVE-2010-0276 Security vulnerability in IBM Domino Web Access, Lotus Domino and Lotus iNotes
IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU.
network
low complexity
ibm
critical
10.0
2010-01-09 CVE-2010-0275 Security vulnerability in IBM Lotus Domino Web Access
Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58.
network
low complexity
ibm
critical
10.0