Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-02-02 | CVE-2011-0757 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2. IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority. | 6.5 |
2011-01-28 | CVE-2011-0679 | Information Exposure vulnerability in IBM WebSphere Portal. IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message." | 5.0 |
2011-01-25 | CVE-2011-0637 | Denial of Service vulnerability in IBM AIX 6.1. The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a timer is unused before deallocating this timer, which might allow attackers to cause a denial of service (system crash) via unspecified vectors. | 4.9 |
2011-01-19 | CVE-2011-0494 | Path Traversal vulnerability in IBM Tivoli Access Manager for e-business. Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecified impact and attack vectors. | 5.0 |
2011-01-18 | CVE-2011-0486 | Cross-Site Scripting vulnerability in IBM Cognos 8 Business Intelligence 8.4.1. Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 Business Intelligence (BI) 8.4.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via the pathinfo parameter. | 4.3 |
2011-01-13 | CVE-2011-0310 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM WebSphere MQ. Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message. | 6.8 |
2011-01-12 | CVE-2011-0316 | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Application Server. The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request. | 5.0 |
2011-01-12 | CVE-2011-0315 | Cross-Site Scripting vulnerability in IBM WebSphere Application Server. Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application. | 4.3 |
2011-01-12 | CVE-2011-0314 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM WebSphere MQ. Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue. | 6.5 |
2010-12-30 | CVE-2010-4623 | Resource Management Errors vulnerability in IBM Tivoli Access Manager for e-business 6.1.1. WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions. | 4.0 |