Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2012-12-19 CVE-2012-3329 Link Following vulnerability in IBM Advanced Settings Utility and Bootable Media Creator
IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file.
local
ibm linux CWE-59
3.3
2012-12-19 CVE-2012-4848 Cross-Site Scripting vulnerability in IBM Lotus Foundations Start
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-attribute field, as demonstrated by the (1) First Name or (2) Last Name field.
network
ibm CWE-79
3.5
2012-12-08 CVE-2012-4838 Unspecified vulnerability in IBM products
IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow local users to obtain sensitive information about (1) local accounts, (2) SSH private keys, (3) SSL/TLS private keys, (4) SNMPv3 communities, and (5) LDAP credentials by leveraging unspecified side effects of service or maintenance activity.
local
ibm
1.9
2012-12-05 CVE-2012-4862 Credentials Management vulnerability in IBM Rational Developer for System z
The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors.
local
low complexity
ibm CWE-255
2.1
2012-10-08 CVE-2012-5307 Cross-Site Scripting vulnerability in IBM Lotus Notes Traveler
Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825.
network
high complexity
ibm CWE-79
2.6
2012-10-01 CVE-2012-4833 Permissions, Privileges, and Access Controls vulnerability in IBM AIX and VIOS
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.
local
low complexity
ibm CWE-264
2.1
2012-09-25 CVE-2012-3300 Resource Management Errors vulnerability in IBM WebSphere Commerce
IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.
network
high complexity
ibm CWE-399
2.6
2012-09-25 CVE-2012-3311 Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors.
local
ibm CWE-264
3.3
2012-09-10 CVE-2012-0746 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
2012-08-24 CVE-2012-0713 Multiple Security vulnerability in IBM DB2
Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors.
network
ibm linux microsoft
3.5