Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2010-09-20 CVE-2006-7242 Permissions, Privileges, and Access Controls vulnerability in IBM FileNet P8 Application Engine 3.5.1
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
network
low complexity
ibm CWE-264
4.0
2010-09-20 CVE-2006-7241 Permissions, Privileges, and Access Controls vulnerability in IBM FileNet P8 Application Engine 3.5.1
The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.
network
low complexity
ibm CWE-264
4.0
2010-09-16 CVE-2010-3405 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM AIX and VIOS
Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors.
local
low complexity
ibm CWE-119
6.8
2010-09-14 CVE-2010-0154 Path Traversal vulnerability in IBM products
Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a ..
network
low complexity
ibm CWE-22
4.0
2010-09-14 CVE-2010-0153 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change settings or (2) conduct denial of service attacks.
network
ibm CWE-352
6.8
2010-09-14 CVE-2010-0152 Cross-Site Scripting vulnerability in IBM products
Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters.
network
ibm CWE-79
4.3
2010-09-13 CVE-2010-3320 Improper Input Validation vulnerability in IBM FileNet Content Manager 4.5.0/4.5.1
Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
ibm CWE-20
6.8
2010-09-13 CVE-2010-3319 Credentials Management vulnerability in IBM FileNet Content Manager 4.5.0/4.5.1
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file.
network
low complexity
ibm CWE-255
5.0
2010-09-13 CVE-2010-3318 Credentials Management vulnerability in IBM FileNet Content Manager 4.5.0/4.5.1
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
ibm CWE-255
5.0
2010-09-13 CVE-2010-3317 Cross-Site Scripting vulnerability in IBM FileNet Content Manager 4.5.0/4.5.1
Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3