Vulnerabilities > IBM

DATE | CVE | VULNERABILITY TITLE | RISK

2008-10-22 | CVE-2008-4693 | Information Exposure vulnerability in IBM DB2 | network, low complexity, ibm, CWE-200, 5.0
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."

2008-10-22 | CVE-2008-4692 | Remote Security vulnerability in DB2 | network, low complexity, ibm, critical, 10.0
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors.

2008-10-22 | CVE-2008-4691 | Denial-Of-Service vulnerability in IBM DB2 8.2/9.1 | network, low complexity, ibm, 5.0
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.

2008-10-22 | CVE-2008-4679 | Improper Authentication vulnerability in IBM Websphere Application Server | network, ibm, CWE-287, 6.8
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate.

2008-10-22 | CVE-2008-4678 | Resource Management Errors vulnerability in IBM Websphere Application Server | network, low complexity, ibm, CWE-399, 7.8
The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a "parse failure."

2008-10-15 | CVE-2008-4581 | Permissions, Privileges, and Access Controls vulnerability in IBM Enovia Smarteam 5 | network, low complexity, ibm, CWE-264, 4.0
The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view.

2008-10-09 | CVE-2008-4507 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Quickr 8.1 | network, low complexity, ibm, CWE-264, 7.5
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors.

2008-10-09 | CVE-2008-4506 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Quickr 8.1 | network, low complexity, ibm, CWE-264, 7.5
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors.

2008-10-09 | CVE-2008-4505 | Improper Input Validation vulnerability in IBM Lotus Quickr 8.1 | network, low complexity, ibm, CWE-20, 7.8
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command.

2008-10-03 | CVE-2008-4404 | Improper Input Validation vulnerability in IBM Zseries | network, low complexity, ibm, CWE-20, critical, 10.0
The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.