Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-28 | CVE-2008-3852 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.1/9.5 Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors. | 6.5 |
| 2008-08-08 | CVE-2008-3550 | Information Exposure vulnerability in IBM Rational Clearquest 7.0.1 The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability. | 5.0 |
| 2008-08-04 | CVE-2008-3423 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | 7.5 |
| 2008-07-28 | CVE-2008-3349 | Permissions, Privileges, and Access Controls vulnerability in Netapp Data Ontap Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. | 10.0 |
| 2008-07-21 | CVE-2008-3236 | Cryptographic Issues vulnerability in IBM Websphere Application Server Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted. | 5.0 |
| 2008-07-21 | CVE-2008-3235 | Credentials Management vulnerability in IBM Websphere Application Server Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors. | 10.0 |
| 2008-07-14 | CVE-2008-3161 | Cross-Site Scripting vulnerability in IBM Maximo 4.1/5.2 Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP header. | 4.3 |
| 2008-07-14 | CVE-2008-3160 | Multiple Unspecified vulnerability in IBM Data ONTAP Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before 7.1.3, as used by IBM System Storage N series Filer and IBM System Storage N series Gateway, have unknown impact and attack vectors. | 10.0 |
| 2008-06-30 | CVE-2008-2943 | Resource Management Errors vulnerability in IBM Tivoli Directory Server Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. | 6.0 |
| 2008-06-26 | CVE-2008-2880 | Buffer Errors vulnerability in IBM AFP Viewer Plug-In 2.0.7.1/3.2.1.1 Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3.2.1.1 allows remote attackers to execute arbitrary code via a long SRC property value. | 9.3 |