Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2008-11-25 CVE-2008-5228 Cross-Site Scripting vulnerability in IBM Workplace Content Management 6.0/6.1
Cross-site scripting (XSS) vulnerability in IBM Workplace Content Management (WCM) 6.0G and 6.1 before CF8, when a Page Navigation Component shows menu entries, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the URI, related to parameters "not being encoded."
network | high complexity | ibm CWE-79 | 2.6
2008-11-12 CVE-2008-5043 Cross-Site Scripting vulnerability in IBM Metrica Service Assurance Framework
Multiple cross-site scripting (XSS) vulnerabilities in the web-based interface in IBM Metrica Service Assurance Framework allow remote authenticated users to inject arbitrary web script or HTML via (1) the elementid parameter in a generatedreportresults action to the ReportTree program, (2) the jnlpname parameter to the Launch program, or (3) the :tasklabel parameter to the ReportRequest program, related to the name of a report.
network | ibm CWE-79 | 3.5
2008-11-10 CVE-2008-5035 Resource Management Errors vulnerability in IBM Hardware Management Console 3.2.0/3.3.0
The Resource Monitoring and Control (RMC) daemon in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 and 3.3.0 SP2 allows remote attackers to cause a denial of service (daemon crash or hang) via a packet with an invalid length.
network | low complexity | ibm CWE-399 | 5.0
2008-11-10 CVE-2008-5011 Cross-Site Scripting vulnerability in IBM Lotus Quickr
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.
network | ibm CWE-79 | 4.3
2008-10-31 CVE-2008-4809 Remote vulnerability in IBM Lotus Connections 2.0
Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content.
network | low complexity | ibm | critical | 10.0
2008-10-31 CVE-2008-4808 Information Exposure vulnerability in IBM Lotus Connections
IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors.
network | low complexity | ibm CWE-200 | 5.0
2008-10-31 CVE-2008-4807 Credentials Management vulnerability in IBM Lotus Connections
IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file.
local | low complexity | ibm CWE-255 | 2.1
2008-10-31 CVE-2008-4806 SQL Injection vulnerability in IBM Lotus Connections
Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components.
network | low complexity | ibm CWE-89 | 7.5
2008-10-31 CVE-2008-4805 Cross-Site Scripting vulnerability in IBM Lotus Connections
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components.
network | ibm CWE-79 | 4.3
2008-10-31 CVE-2008-4801 Buffer Errors vulnerability in IBM products
Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port.
network | low complexity | ibm CWE-119 | critical | 10.0