Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-09-20 | CVE-2010-3475 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.7/9.7.0.1/9.7.0.2 IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement. | 4.0 |
| 2010-09-20 | CVE-2010-3474 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.7/9.7.0.1/9.7.0.2 IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471. | 5.0 |
| 2010-09-20 | CVE-2010-3473 | Improper Input Validation vulnerability in IBM Filenet P8 Application Engine 3.5.1 Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
| 2010-09-20 | CVE-2010-3472 | Cross-Site Scripting vulnerability in IBM Filenet P8 Application Engine 3.5.1 Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-09-20 | CVE-2010-3471 | Improper Authentication vulnerability in IBM Filenet P8 Application Engine 4.0.2 Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors. | 4.3 |
| 2010-09-20 | CVE-2010-3470 | Cross-Site Scripting vulnerability in IBM Filenet P8 Application Engine 3.5.1/4.0.2 Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-09-20 | CVE-2009-5002 | Permissions, Privileges, and Access Controls vulnerability in IBM Filenet P8 Application Engine 4.0.2 The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection. | 6.4 |
| 2010-09-20 | CVE-2009-5001 | Permissions, Privileges, and Access Controls vulnerability in IBM Filenet P8 Application Engine 4.0.2 The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. | 4.0 |
| 2010-09-20 | CVE-2009-5000 | Cross-Site Scripting vulnerability in IBM Filenet P8 Application Engine 4.0.2 Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages. | 4.3 |
| 2010-09-20 | CVE-2009-4999 | Cross-Site Scripting vulnerability in IBM Filenet P8 Application Engine 3.5.1 Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field. | 4.3 |