Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-09-08 CVE-2009-3106 Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Application Server
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application.
network
low complexity
ibm CWE-264
5.0
2009-09-08 CVE-2009-3105 Cross-Site Scripting vulnerability in IBM Domino Web Access 8.0.1
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC.
network
ibm CWE-79
4.3
2009-09-08 CVE-2009-3090 Denial-of-Service vulnerability in IBM Tivoli Directory Server 6.0
Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
network
low complexity
ibm linux
5.0
2009-09-08 CVE-2009-3087 Denial-of-Service vulnerability in IBM Lotus Domino 8.0
Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
network
low complexity
ibm microsoft
5.0
2009-09-01 CVE-2009-3038 Denial-of-Service vulnerability in Lotus Notes Connector
A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service (Internet Explorer crash) by referencing the control's CLSID in the classid attribute of an OBJECT element.
network
ibm rim
4.3
2009-08-24 CVE-2009-2956 Information Exposure vulnerability in IBM WebSphere Commerce Suite
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
network
low complexity
ibm CWE-200
5.0
2009-08-19 CVE-2009-2860 Unspecified vulnerability in IBM DB2 8.1
Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
network
low complexity
ibm
5.0
2009-08-19 CVE-2009-2859 Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.1
IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.
local
low complexity
ibm CWE-264
4.6
2009-08-19 CVE-2009-2858 Resource Management Errors vulnerability in IBM DB2 8.1
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.
network
low complexity
ibm CWE-399
5.0
2009-08-13 CVE-2009-2093 SQL Injection vulnerability in IBM WebSphere Partner Gateway
SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5