Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-05-26 | CVE-2011-2173 | Resource Management Errors vulnerability in IBM WebSphere Portal 6.0.1.7/7.0.0.1: The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via requests. | 4.0 |
2011-05-26 | CVE-2011-2172 | Cross-Site Scripting vulnerability in IBM WebSphere Portal 7.0.0.1: Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-05-26 | CVE-2010-4806 | Permissions, Privileges, and Access Controls vulnerability in IBM Web Content Manager 6.1.5/7.0.01: The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges. | 4.0 |
2011-05-16 | CVE-2011-2144 | Resource Management Errors vulnerability in IBM Datacap Taskmaster Capture 8.0.1: The eDocument Conversion Actions implementation in IBM Datacap Taskmaster Capture 8.0.1 FP1 and earlier allows remote attackers to cause a denial of service (batch abort) via a long subject line in an e-mail message that is represented in a .eml file. | 5.0 |
2011-05-16 | CVE-2011-2143 | Permissions, Privileges, and Access Controls vulnerability in IBM Datacap Taskmaster Capture 8.0.1: IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account name from a different domain. | 6.8 |
2011-05-16 | CVE-2011-2142 | Cryptographic Issues vulnerability in IBM Datacap Taskmaster Capture 8.0.1: The Web Client Service in IBM Datacap Taskmaster Capture 8.0.1 before FP1 requires a cleartext password, which has unspecified impact and attack vectors. | 5.0 |
2011-05-04 | CVE-2011-1209 | Cryptographic Issues vulnerability in IBM WebSphere Application Server: IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack." | 4.3 |
2011-05-03 | CVE-2011-1847 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2: IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. | 4.9 |
2011-05-03 | CVE-2011-1846 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2: IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. | 6.5 |
2011-04-28 | CVE-2011-1839 | Information Exposure vulnerability in IBM Rational Build Forge 7.1.0: IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirection from the authentication servlet to a PHP script, which makes it easier for context-dependent attackers to discover session IDs by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | 5.0 |