Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-02-10 CVE-2008-4284 Link Following vulnerability in IBM WebSphere Application Server
Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.
network
ibm CWE-59
5.8
2009-02-10 CVE-2008-6106 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
Cross-site request forgery (CSRF) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x has unknown impact and remote attack vectors.
network
ibm CWE-352
6.8
2009-02-10 CVE-2008-6105 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2009-01-16 CVE-2009-0173 Improper Input Validation vulnerability in IBM DB2 Universal Database 9.1/9.5
Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream.
network
low complexity
ibm CWE-20
5.0
2009-01-16 CVE-2009-0172 Improper Input Validation vulnerability in IBM DB2 Universal Database 9.1/9.5
Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream.
network
low complexity
ibm CWE-20
5.0
2008-12-10 CVE-2008-5413 Information Exposure vulnerability in IBM WebSphere Application Server
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files.
network
low complexity
ibm CWE-200
5.0
2008-12-10 CVE-2008-5411 Cryptographic Issues vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
ibm CWE-310
5.0
2008-12-09 CVE-2008-5387 Buffer Errors vulnerability in IBM AIX 6.1/6.1.1/6.1.2
Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors.
local
high complexity
ibm CWE-119
6.2
2008-12-09 CVE-2008-5386 Buffer Errors vulnerability in IBM AIX 6.1/6.1.1/6.1.2
Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors.
local
ibm CWE-119
6.9
2008-12-09 CVE-2008-5385 Permissions, Privileges, and Access Controls vulnerability in IBM AIX 6.1/6.1.1/6.1.2
enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.
local
ibm CWE-264
6.9