Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-12-19 | CVE-2006-6636 | Unspecified vulnerability in IBM WebSphere Utility Classes | Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. | 10.0 |
2006-12-18 | CVE-2006-6607 | Local Information Disclosure vulnerability in IBM Tivoli Identity Manager 4.6 | The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods. | 2.7 |
2006-12-14 | CVE-2006-6537 | Security Bypass vulnerability in WebSphere Host On-Demand | IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html. | 7.5 |
2006-12-06 | CVE-2006-6309 | Denial-Of-Service vulnerability in Tivoli Storage Manager Express | Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read arbitrary memory locations and cause a denial of service (crash) via a large index value in unspecified messages, a different issue than CVE-2006-5855. | 7.5 |
2006-12-06 | CVE-2006-5855 | Buffer Overflow vulnerability in IBM Tivoli Storage Manager | Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message. | 10.0 |
2006-11-28 | CVE-2006-6136 | Multiple vulnerabilities in IBM WebSphere Application Server 6.1.0 | IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors. | 10.0 |
2006-11-28 | CVE-2006-6135 | Multiple vulnerabilities in IBM WebSphere Application Server 6.1.0 | Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831). | 10.0 |
2006-11-10 | CVE-2006-5835 | Information Disclosure vulnerability in IBM Lotus Notes User.ID File Key | The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file. | 5.0 |
2006-11-08 | CVE-2006-5818 | TuneKrnl Local Privilege Escalation vulnerability in IBM Lotus Domino | Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors. | 7.2 |
2006-11-03 | CVE-2006-5664 | Local Security vulnerability in IBM products | The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files. | 4.6 |