Vulnerabilities > IBM > Low
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-09-03 | CVE-2008-3894 | Information Exposure vulnerability in IBM Lenovo 7CETB5WW 2.05 | IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | 2.1 |
2008-03-09 | CVE-2007-6705 | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere MQ | The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process. | 3.3 |
2008-02-13 | CVE-2008-0740 | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file. | 2.1 |
2008-01-25 | CVE-2008-0441 | Unspecified vulnerability in IBM Tivoli Business Service Manager 4.1.1 | IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in cleartext (1) after external authentication, which triggers writing the password to SM_server.log; and (2) after a reconfig action; which allows local users to obtain sensitive information. | 2.1 |
2008-01-10 | CVE-2007-6680 | Unspecified vulnerability in IBM AIX 6.1 | Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy. | 2.1 |
2007-12-15 | CVE-2007-6363 | Cross-Site Scripting vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 | IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without entering a password. | 2.1 |
2007-11-14 | CVE-2007-5949 | Cross-Site Scripting vulnerability in IBM Tivoli Service Desk 6.2 | Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action. | 3.5 |
2007-11-05 | CVE-2007-5819 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Continuous Data Protection for Files 3.1.0 | IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients. | 2.1 |
2007-10-29 | CVE-2007-5701 | Information Exposure vulnerability in IBM Lotus Domino | Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel. | 2.1 |
2007-08-18 | CVE-2007-4271 | Path Traversal vulnerability in IBM DB2 Universal Database | Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. | 2.1 |