Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-11-12 | CVE-2010-3898 | Permissions, Privileges, and Access Controls vulnerability in IBM Omnifind IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site. | 5.0 |
| 2010-11-12 | CVE-2010-3897 | Credentials Management vulnerability in IBM Omnifind ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file. | 5.0 |
| 2010-11-12 | CVE-2010-3892 | Multiple vulnerability in RETIRED: IBM OmniFind Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value. network ibm | 6.8 |
| 2010-11-12 | CVE-2010-3891 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Omnifind 8.0/8.4/8.5 Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action. | 6.8 |
| 2010-11-12 | CVE-2010-3890 | Cross-Site Scripting vulnerability in IBM Omnifind 8.0/8.4/8.5 Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do. | 4.3 |
| 2010-11-12 | CVE-2010-2637 | Cryptographic Issues vulnerability in IBM Websphere MQ IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application. | 4.3 |
| 2010-11-09 | CVE-2010-4220 | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." | 4.3 |
| 2010-11-09 | CVE-2010-4219 | Cross-Site Scripting vulnerability in IBM Websphere Portal 6.1.0.1 Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-11-09 | CVE-2010-4217 | Resource Management Errors vulnerability in IBM Tivoli Directory Server Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a denial of service (daemon crash) via an unbind request that occurs during a certain search operation. | 5.0 |
| 2010-11-09 | CVE-2010-4216 | Buffer Errors vulnerability in IBM Tivoli Directory Server 6.0/6.0.0.7/6.0.0.8 IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 does not properly handle invalid buffer references in LDAP BER requests, which might allow remote attackers to cause a denial of service (daemon crash) via vectors involving a buffer that has a memory address near the maximum possible address. | 5.0 |