Vulnerabilities > IBM > Low
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2011-03-08 | CVE-2011-1310 | Information Exposure vulnerability in IBM WebSphere Application Server | The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files. | 1.9 |
2011-02-14 | CVE-2011-1029 | Cross-Site Scripting vulnerability in IBM Rational Team Concert 2.0.0.1/2.0.0.2 | Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report. | 3.5 |
2010-12-16 | CVE-2010-4547 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Notes Traveler | IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain. | 3.5 |
2010-12-16 | CVE-2010-4548 | Improper Input Validation vulnerability in IBM Lotus Notes Traveler | IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (daemon crash) by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client. | 2.1 |
2010-10-05 | CVE-2010-3732 | Improper Input Validation vulnerability in IBM DB2 9.5 | The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers. | 3.5 |
2010-10-05 | CVE-2010-3735 | Resource Management Errors vulnerability in IBM DB2 9.5 | The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time. | 2.1 |
2010-10-05 | CVE-2010-3737 | Resource Management Errors vulnerability in IBM DB2 9.5 | Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server. | 3.5 |
2010-09-20 | CVE-2008-7261 | Credentials Management vulnerability in IBM FileNet P8 Application Engine 3.5.1 | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file. | 2.1 |
2010-09-20 | CVE-2009-4998 | Permissions, Privileges, and Access Controls vulnerability in IBM FileNet P8 Application Engine 3.5.1/4.0.2 | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | 2.6 |
2010-09-16 | CVE-2010-3406 | Local Privilege Escalation and Security Bypass vulnerability in IBM AIX 5.3 | Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors. | 1.7 |