Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-06-21 | CVE-2013-3035 | Improper Input Validation vulnerability in IBM AIX and VIOS: The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface. | 7.1 |
2013-06-05 | CVE-2013-3475 | Buffer Errors vulnerability in IBM DB2, DB2 Connect and Smart Analytics System 7600: Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors. | 7.2 |
2013-06-05 | CVE-2013-0509 | Buffer Errors vulnerability in IBM products: Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 allows remote attackers to execute arbitrary code via a SQL transaction with a long table name that is not properly handled by a packet decoder. | 7.6 |
2013-06-05 | CVE-2013-0508 | Buffer Errors vulnerability in IBM products: Multiple buffer overflows in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 and 4.0.1 before FP1 allow context-dependent attackers to execute arbitrary code or cause a denial of service via a long line in (1) hrfstable.idx, (2) hrdevice.idx, (3) hrstorage.idx, or (4) lotusmapfile in the SSM Config directory, or (5) .manifest.hive in the main agent directory. | 7.6 |
2013-05-27 | CVE-2013-2956 | SQL Injection vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite: SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-03-29 | CVE-2013-0513 | Local Privilege Escalation vulnerability in Multiple IBM Products: IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program, related to an "Unquoted Service Path Enumeration" vulnerability. | 7.2 |
2013-03-27 | CVE-2013-0487 | Improper Authentication vulnerability in IBM Lotus Domino: The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN. | 8.5 |
2013-03-20 | CVE-2012-5938 | Permissions, Privileges, and Access Controls vulnerability in IBM InfoSphere Information Server: The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations. | 7.2 |
2013-02-27 | CVE-2013-0490 | Local Privilege Escalation vulnerability in IBM InfoSphere Guardium 8.00: Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 on z/OS allows local users to gain privileges via unknown vectors. | 7.2 |
2013-02-19 | CVE-2012-6354 | Improper Authentication vulnerability in IBM SAN Volume Controller Software and Storwize V7000: The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets. | 7.5 |