Vulnerabilities > IBM > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-08-17 | CVE-2012-2165 | Information Exposure vulnerability in IBM Rational ClearQuest: IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query. | 3.5 |
2012-08-17 | CVE-2012-2169 | Cross-Site Scripting vulnerability in IBM Rational ClearQuest: Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field. | 3.5 |
2012-08-17 | CVE-2012-2205 | Cross-Site Scripting vulnerability in IBM Rational ClearQuest: Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query. | 3.5 |
2012-08-17 | CVE-2012-2206 | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere MQ: The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI. | 3.5 |
2012-07-27 | CVE-2012-2202 | Path Traversal vulnerability in IBM products: Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. | 3.5 |
2012-06-20 | CVE-2012-0717 | Improper Authentication vulnerability in IBM WebSphere Application Server: IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors. | 2.6 |
2012-05-03 | CVE-2012-0737 | Cross-Site Scripting vulnerability in IBM Rational AppScan: Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2012-04-09 | CVE-2012-0742 | Information Exposure vulnerability in IBM Tivoli Event Pump 4.2.2: IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data. | 1.9 |
2012-01-15 | CVE-2011-5066 | Information Exposure vulnerability in IBM WebSphere Application Server: The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file. | 2.1 |
2011-11-26 | CVE-2011-1378 | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere MQ 6.0: IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command. | 1.9 |