Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2012-06-22 | CVE-2012-2179 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.3/6.1/7.1 | libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | 6.9 |
2012-06-22 | CVE-2012-2172 | Cross-Site Scripting vulnerability in IBM products | Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter. | 4.3 |
2012-06-22 | CVE-2012-2171 | SQL Injection vulnerability in IBM products | SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI. | 6.5 |
2012-06-22 | CVE-2012-0191 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Expeditor | The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers. | 5.0 |
2012-06-22 | CVE-2012-0186 | Path Traversal vulnerability in IBM Lotus Expeditor | Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a crafted URL. | 4.3 |
2012-06-20 | CVE-2012-2192 | Resource Management Errors vulnerability in IBM AIX and VIOS | The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list. | 4.9 |
2012-06-20 | CVE-2012-2180 | Multiple Security vulnerability in IBM DB2 | The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request. | 4.3 |
2012-06-20 | CVE-2012-2173 | Credentials Management vulnerability in IBM Security AppScan Source | The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2012-06-20 | CVE-2012-2170 | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Application Server | The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request. | 4.3 |
2012-06-20 | CVE-2012-2161 | Cross-Site Scripting vulnerability in IBM Security AppScan Source and SPSS Data Collection | Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |