Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-12-16 | CVE-2009-4333 | Information Exposure vulnerability in IBM DB2 9.5 | The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command. | 7.5 |
2009-12-16 | CVE-2009-4331 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5/9.7 | The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors. | 7.2 |
2009-12-16 | CVE-2009-4330 | Local Security vulnerability in IBM DB2 9.5 | Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors. | 7.2 |
2009-12-02 | CVE-2009-4153 | Cross-Site Scripting vulnerability in IBM WebSphere Portal 6.1.0.0/6.1.0.1/6.1.0.2 | Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory. | 7.5 |
2009-11-06 | CVE-2009-3900 | Unspecified vulnerability in IBM PowerHA | Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.1 on AIX allows remote attackers to modify the operating-system configuration via packets to the godm port (6177/tcp). | 7.8 |
2009-11-03 | CVE-2009-3852 | Unspecified vulnerability in IBM Runtimes for Java Technology 'XML4J' Component | Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the "updated version of XML4J 4.4.17." | 7.5 |
2009-10-01 | CVE-2009-3516 | Credentials Management vulnerability in IBM AIX | gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors. | 7.2 |
2009-09-29 | CVE-2009-3471 | Remote Security vulnerability in IBM DB2 8.0/9.1/9.5 | IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors. | 7.5 |
2009-09-21 | CVE-2009-2744 | Unspecified vulnerability in IBM WebSphere Application Server | Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to "an error in fixpacks 6.1.0.23 and 6.1.0.25." | 7.8 |
2009-09-10 | CVE-2009-3161 | Multiple vulnerabilities in IBM WebSphere MQ 7.0.0.1/7.0.0.2/7.0.1.0 | The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data. | 7.8 |