Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2009-12-16 CVE-2009-4333 Information Exposure vulnerability in IBM DB2 9.5
The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.
network
low complexity
ibm CWE-200
7.5
2009-12-16 CVE-2009-4331 Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5/9.7
The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors.
local
low complexity
ibm CWE-264
7.2
2009-12-16 CVE-2009-4330 Local Security vulnerability in IBM DB2 9.5
Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors.
local
low complexity
ibm
7.2
2009-12-02 CVE-2009-4153 Cross-Site Scripting vulnerability in IBM WebSphere Portal 6.1.0.0/6.1.0.1/6.1.0.2
Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory.
network
low complexity
ibm
7.5
2009-11-06 CVE-2009-3900 Unspecified vulnerability in IBM PowerHA
Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.1 on AIX allows remote attackers to modify the operating-system configuration via packets to the godm port (6177/tcp).
network
low complexity
ibm
7.8
2009-11-03 CVE-2009-3852 Unspecified vulnerability in IBM Runtimes for Java Technology 'XML4J' Component
Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the "updated version of XML4J 4.4.17."
network
low complexity
ibm
7.5
2009-10-01 CVE-2009-3516 Credentials Management vulnerability in IBM AIX
gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.
local
low complexity
ibm CWE-255
7.2
2009-09-29 CVE-2009-3471 Remote Security vulnerability in IBM DB2 8.0/9.1/9.5
IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors.
network
low complexity
ibm
7.5
2009-09-21 CVE-2009-2744 Unspecified vulnerability in IBM WebSphere Application Server
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to "an error in fixpacks 6.1.0.23 and 6.1.0.25."
network
low complexity
ibm
7.8
2009-09-10 CVE-2009-3161 Multiple vulnerabilities in IBM WebSphere MQ 7.0.0.1/7.0.0.2/7.0.1.0
The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data.
network
low complexity
ibm
7.8