Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2011-12-08 | CVE-2011-4708 | Cross-Site Scripting vulnerability in IBM Rational Asset Manager | Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager before 7.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-11-28 | CVE-2011-1372 | Improper Authentication vulnerability in IBM products | The Web User Interface on the IBM TS3100 and TS3200 tape libraries with firmware before A.60 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | 6.8 |
2011-11-19 | CVE-2011-4465 | Cross-Site Scripting vulnerability in IBM Lotus Mobile Connect 6.1.4 | Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL. | 4.3 |
2011-11-11 | CVE-2011-4435 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Tools for z/OS 2.3.0 | The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests. | 5.0 |
2011-11-11 | CVE-2011-1375 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 6.1/7.1 | IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and wpar_limits_modify system calls, which allows local users to cause a denial of service (system crash) via a crafted call. | 4.9 |
2011-10-30 | CVE-2009-0900 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM WebSphere MQ | Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file. | 4.1 |
2011-10-30 | CVE-2009-2748 | Cross-Site Scripting vulnerability in IBM WebSphere Application Server | Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-10-30 | CVE-2009-2747 | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Application Server | The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call. | 5.0 |
2011-10-29 | CVE-2011-1370 | Configuration vulnerability in IBM Lotus Sametime | The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message. | 5.0 |
2011-10-29 | CVE-2011-1368 | Information Exposure vulnerability in IBM WebSphere Application Server 8.0.0.0 | The JavaServer Faces (JSF) application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files via unknown vectors. | 5.0 |