Vulnerabilities > IBM > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-01-10 | CVE-2007-6680 | Unspecified vulnerability in IBM AIX 6.1. Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy. | 2.1 |
2007-12-15 | CVE-2007-6363 | Cross-Site Scripting vulnerability in IBM Tivoli Netcool Security Manager 1.3.0. IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without entering a password. | 2.1 |
2007-11-14 | CVE-2007-5949 | Cross-Site Scripting vulnerability in IBM Tivoli Service Desk 6.2. Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action. | 3.5 |
2007-11-05 | CVE-2007-5819 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Continuous Data Protection for Files 3.1.0. IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients. | 2.1 |
2007-10-29 | CVE-2007-5701 | Information Exposure vulnerability in IBM Lotus Domino. Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel. | 2.1 |
2007-08-18 | CVE-2007-4271 | Path Traversal vulnerability in IBM DB2 Universal Database. Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. | 2.1 |
2007-08-18 | CVE-2007-4272 | Multiple Unspecified vulnerability in IBM DB2 Universal Database. Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm). | 1.9 |
2007-08-13 | CVE-2007-4309 | Remote Security vulnerability in Lotus Notes. IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696. | 3.5 |
2007-07-17 | CVE-2007-3830 | Cross-Site Scripting vulnerability in IBM products. Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter. | 3.5 |
2006-12-18 | CVE-2006-6607 | Local Information Disclosure vulnerability in IBM Tivoli Identity Manager 4.6. The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods. | 2.7 |