Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-08-06 | CVE-2012-2188 | Permissions, Privileges, and Access Controls vulnerability in IBM products IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character. | 7.2 |
| 2012-07-25 | CVE-2012-2197 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges. | 7.1 |
| 2012-06-27 | CVE-2012-2200 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory. | 7.2 |
| 2012-05-14 | CVE-2011-1390 | SQL Injection vulnerability in IBM Rational Clearquest SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature. | 7.5 |
| 2012-05-04 | CVE-2012-0745 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors. | 7.2 |
| 2012-05-03 | CVE-2012-0735 | Improper Input Validation vulnerability in IBM Rational Appscan IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI. | 7.6 |
| 2012-05-03 | CVE-2012-0734 | Multiple Security vulnerability in IBM Rational Products IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job. | 7.6 |
| 2012-03-22 | CVE-2012-1844 | Credentials Management vulnerability in multiple products The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors. | 7.5 |
| 2012-03-20 | CVE-2012-1796 | Local Security vulnerability in IBM DB2 9.5 Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors. | 7.2 |
| 2012-03-20 | CVE-2012-0711 | Numeric Errors vulnerability in IBM DB2 9.1/9.5/9.7 Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow. | 7.5 |