Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2010-02-08 CVE-2010-0563 Information Exposure vulnerability in IBM WebSphere Application Server
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.
network
low complexity
ibm CWE-200
5.0
2010-02-05 CVE-2009-2751 Cryptographic Issues vulnerability in IBM WebSphere Commerce 7.0
IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors.
network
ibm CWE-310
4.3
2010-02-04 CVE-2009-2750 Configuration vulnerability in IBM WebSphere Service Registry and Repository 6.3.0/6.3.0.1
IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access via a property query.
network
low complexity
ibm CWE-16
5.5
2010-02-02 CVE-2010-0472 Remote Denial of Service vulnerability in IBM DB2 9.7.0.1
kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.
network
low complexity
ibm
5.0
2010-01-28 CVE-2010-0462 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM DB2 9.1/9.5/9.7
Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.
network
low complexity
ibm CWE-119
6.5
2010-01-25 CVE-2008-7253 Configuration vulnerability in IBM Lotus Domino Server
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
network
ibm CWE-16
4.3
2010-01-20 CVE-2010-0357 Cross-Site Scripting vulnerability in IBM Lotus Web Content Management
Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for WebSphere Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
network
ibm CWE-79
4.3
2010-01-14 CVE-2010-0312 Improper Input Validation vulnerability in IBM Tivoli Directory Server 6.2
The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.2 on Linux allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SecureWay 3.2 Event Registration Request (aka a 1.3.18.0.2.12.1 request).
network
low complexity
ibm linux CWE-20
5.0
2010-01-14 CVE-2010-0311 Privilege Escalation vulnerability in Sun Java System Identity Server 8.1.0.5/8.1.0.6
Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors.
network
sun ibm
6.8
2009-12-28 CVE-2009-4439 Denial-Of-Service vulnerability in IBM DB2 9.5
Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query.
network
low complexity
ibm
4.0