Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2009-01-15 CVE-2009-0120 Improper Input Validation vulnerability in IBM WebSphere DataPower XML Security Gateway XS40 3.6.1.5
The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data.
network
low complexity
ibm CWE-20
7.8
2008-12-19 CVE-2008-5686 Improper Authentication vulnerability in IBM Tivoli Provisioning Manager
IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows.
network
ibm CWE-287
8.5
2008-12-19 CVE-2008-5675 Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Portal
Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI."
network
low complexity
ibm CWE-264
critical
10.0
2008-12-10 CVE-2008-5414 Multiple Unspecified vulnerability in IBM WebSphere Application Server 7.0
Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken."
network
low complexity
ibm
critical
10.0
2008-12-10 CVE-2008-5413 Information Exposure vulnerability in IBM WebSphere Application Server
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files.
network
low complexity
ibm CWE-200
5.0
2008-12-10 CVE-2008-5412 Multiple Unspecified vulnerability in IBM WebSphere Application Server
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs.
network
low complexity
microsoft ibm
critical
10.0
2008-12-10 CVE-2008-5411 Cryptographic Issues vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
ibm CWE-310
5.0
2008-12-09 CVE-2008-5387 Buffer Errors vulnerability in IBM AIX 6.1/6.1.1/6.1.2
Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors.
local
high complexity
ibm CWE-119
6.2
2008-12-09 CVE-2008-5386 Buffer Errors vulnerability in IBM AIX 6.1/6.1.1/6.1.2
Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors.
local
ibm CWE-119
6.9
2008-12-09 CVE-2008-5385 Permissions, Privileges, and Access Controls vulnerability in IBM AIX 6.1/6.1.1/6.1.2
enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.
local
ibm CWE-264
6.9