Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-02-24 | CVE-2009-0439 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere MQ Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands. | 7.2 |
| 2009-02-10 | CVE-2009-0436 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors. | 7.2 |
| 2009-02-02 | CVE-2009-0391 | Information Exposure vulnerability in IBM Websphere Application Server 6.0.1 Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors. | 7.8 |
| 2009-01-30 | CVE-2009-0370 | Unspecified vulnerability in IBM AIX Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files." | 7.2 |
| 2009-01-15 | CVE-2009-0120 | Improper Input Validation vulnerability in IBM Websphere Datapower XML Security Gateway Xs40 3.6.1.5 The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data. | 7.8 |
| 2008-12-19 | CVE-2008-5686 | Improper Authentication vulnerability in IBM Tivoli Provisioning Manager IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows. | 8.5 |
| 2008-12-05 | CVE-2008-5329 | Denial-Of-Service vulnerability in Rational ClearQuest ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file. | 7.5 |
| 2008-10-31 | CVE-2008-4806 | SQL Injection vulnerability in IBM Lotus Connections Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. | 7.5 |
| 2008-10-22 | CVE-2008-4678 | Resource Management Errors vulnerability in IBM Websphere Application Server The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a "parse failure." | 7.8 |
| 2008-10-09 | CVE-2008-4507 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Quickr 8.1 Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors. | 7.5 |