Vulnerabilities > IBM > High

DATE | CVE | VULNERABILITY TITLE | RISK

2013-01-31 | CVE-2012-0705 | Improper Input Validation vulnerability in IBM products
InfoSphere Import Export Manager in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 does not validate unspecified input data, which allows remote authenticated users to execute arbitrary commands via unknown vectors.
network | high complexity | ibm | CWE-20 | 7.1

2012-12-26 | CVE-2012-5951 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli NetView
Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level.
local | low complexity | ibm | CWE-264 | 7.2

2012-12-26 | CVE-2012-4816 | Permissions, Privileges, and Access Controls vulnerability in IBM Rational Automation Framework
IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080.
network | low complexity | ibm | CWE-264 | 7.5

2012-12-21 | CVE-2012-4859 | Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management
Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows local users to read or modify file system objects via unknown vectors.
local | low complexity | ibm | 7.2

2012-12-20 | CVE-2012-4856 | Credentials Management vulnerability in IBM Power 5 and Power 5 System Firmware
The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors.
7.9

2012-11-23 | CVE-2012-5758 | Improper Authentication vulnerability in IBM WebSphere DataPower XC10 Appliance
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a denial of service (process exit) via unknown vectors.
network | low complexity | ibm | CWE-287 | 7.8

2012-11-14 | CVE-2012-4850 | Improper Input Validation vulnerability in IBM WebSphere Application Server 8.5.0.0
IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors.
network | low complexity | ibm | CWE-20 | 7.5

2012-10-20 | CVE-2012-2167 | Remote Denial of Service vulnerability in IBM products
The IBM XIV Storage System Gen3 before 11.1.0.a allows remote attackers to cause a denial of service (device outage) via TCP packets to unspecified ports.
network | low complexity | ibm | 7.8

2012-10-20 | CVE-2012-4826 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM DB2
Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure.
network | ibm | CWE-119 | 8.5

2012-08-08 | CVE-2012-2203 | Permissions, Privileges, and Access Controls vulnerability in IBM products
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate.
network | low complexity | ibm | CWE-264 | 7.5