Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2010-09-14 CVE-2010-0155 Code Injection vulnerability in IBM products
CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter.
network
ibm CWE-94
3.5
2010-08-31 CVE-2010-3196 Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.7
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.
network
ibm CWE-264
3.5
2010-05-17 CVE-2010-0777 Improper Input Validation vulnerability in IBM WebSphere Application Server
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.
network
high complexity
ibm CWE-20
2.6
2010-05-03 CVE-2010-1650 Cryptographic Issues vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output.
local
ibm CWE-310
1.9
2010-05-03 CVE-2010-1651 Cryptographic Issues vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.
local
ibm CWE-310
1.9
2010-04-20 CVE-2010-1487 Credentials Management vulnerability in IBM Lotus Notes 7.0/8.0/8.5
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
local
low complexity
ibm CWE-255
2.1
2010-04-01 CVE-2010-0769 Credentials Management vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.
local
ibm CWE-255
1.9
2010-02-05 CVE-2009-2752 Cryptographic Issues vulnerability in IBM WebSphere Commerce 7.0
IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
local
ibm CWE-310
1.5
2009-09-21 CVE-2009-2743 Unspecified vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file.
local
low complexity
ibm
2.1
2009-09-18 CVE-2009-3262 Cross-Site Scripting vulnerability in IBM Tivoli Identity Manager 5.0.0.5
Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile.
network
ibm CWE-79
3.5