Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2010-08-20 CVE-2010-3061 Remote Code Execution and Denial of Service vulnerability in IBM Tivoli Storage Manager FastBack
Unspecified vulnerability in the message-protocol implementation in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (recovery failure), and possibly trigger loss of data, via unknown vectors.
network
low complexity
ibm
5.0
2010-08-20 CVE-2010-3060 Remote Code Execution and Denial of Service vulnerability in IBM Tivoli Storage Manager FastBack
Unspecified vulnerability in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors.
network
low complexity
ibm
5.0
2010-08-10 CVE-2010-2985 Cross-Site Scripting vulnerability in IBM WebSphere Service Registry and Repository 6.3.0
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do.
network
ibm CWE-79
4.3
2010-08-02 CVE-2010-2927 Improper Authentication vulnerability in IBM Tivoli Directory Server
The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006 allows remote attackers to cause a denial of service (daemon crash) via multiple incomplete DIGEST-MD5 connection attempts.
network
low complexity
ibm CWE-287
5.0
2010-07-28 CVE-2010-2896 Permissions, Privileges, and Access Controls vulnerability in IBM FileNet Content Manager
IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors.
network
ibm CWE-264
4.3
2010-07-08 CVE-2010-2656 Permissions, Privileges, and Access Controls vulnerability in IBM Advanced Management Module
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.
network
low complexity
ibm CWE-264
5.0
2010-07-08 CVE-2010-2655 Path Traversal vulnerability in IBM Advanced Management Module
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a ..
network
low complexity
ibm CWE-22
4.0
2010-07-08 CVE-2010-2654 Cross-Site Scripting vulnerability in IBM Advanced Management Module
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.
network
ibm CWE-79
4.3
2010-06-24 CVE-2010-0779 Cross-Site Scripting vulnerability in IBM WebSphere Application Server
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2010-06-24 CVE-2010-0778 Cross-Site Scripting vulnerability in IBM WebSphere Application Server
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3