Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-12-28 | CVE-2009-4438 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.1/9.5/9.7 The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors. | 6.5 |
| 2009-12-18 | CVE-2009-4357 | Information Exposure vulnerability in IBM Rational Clearcase and Rational Clearquest CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors. | 5.0 |
| 2009-12-16 | CVE-2009-4334 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.1/9.5/9.7 The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file. | 4.6 |
| 2009-12-16 | CVE-2009-4332 | Denial-Of-Service vulnerability in DB2 9.1/9.5/9.7 db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors. | 5.0 |
| 2009-12-16 | CVE-2009-4329 | Denial-Of-Service vulnerability in IBM DB2 9.5 Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility. | 4.0 |
| 2009-12-16 | CVE-2009-4328 | Denial-Of-Service vulnerability in IBM DB2 9.5 Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances. | 4.0 |
| 2009-12-16 | CVE-2009-4327 | Improper Input Validation vulnerability in IBM DB2 9.5/9.7 The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors. | 5.0 |
| 2009-12-16 | CVE-2009-4326 | Information Exposure vulnerability in IBM DB2 9.5/9.7 The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value. | 4.3 |
| 2009-12-16 | CVE-2009-4325 | Improper Input Validation vulnerability in IBM DB2 The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." | 6.4 |
| 2009-12-09 | CVE-2009-4239 | Cross-Site Scripting vulnerability in IBM Infosphere Information Server 8.1 Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |