Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2011-05-05 | CVE-2011-1208 | Denial of Service vulnerability in IBM solidDB 'rpc_test_svc' Commands | IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpc_test_svc_readwrite and (2) rpc_test_svc_done commands, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted command. | 7.8 |
2011-03-25 | CVE-2011-1520 | Improper Authentication vulnerability in IBM Lotus Domino | The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command. | 7.2 |
2011-03-09 | CVE-2011-1343 | SQL Injection vulnerability in IBM Tivoli Netcool/Omnibus | SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters." | 7.5 |
2011-03-08 | CVE-2011-1309 | Improper Input Validation vulnerability in IBM Websphere Application Server | The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors. | 7.5 |
2011-02-01 | CVE-2011-0731 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 | Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2010-11-12 | CVE-2010-3896 | Improper Authentication vulnerability in IBM Omnifind | The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do. | 7.5 |
2010-11-12 | CVE-2010-3895 | Permissions, Privileges, and Access Controls vulnerability in IBM Omnifind 8.0/8.4/8.5 | esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument. | 7.2 |
2010-11-12 | CVE-2010-3893 | Permissions, Privileges, and Access Controls vulnerability in IBM Omnifind | The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue. | 7.5 |
2010-10-25 | CVE-2010-4069 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Informix Dynamic Server | Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023. | 8.5 |
2010-10-05 | CVE-2010-3760 | Resource Management Errors vulnerability in IBM Tivoli Storage Manager Fastback | FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly handle a certain failure to allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash, and recovery failure) by specifying a large size value within TCP packet data. | 7.8 |