Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-11-10 CVE-2008-5011 Cross-Site Scripting vulnerability in IBM Lotus Quickr
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.
network
ibm CWE-79
4.3
2008-10-31 CVE-2008-4808 Information Exposure vulnerability in IBM Lotus Connections
IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors.
network
low complexity
ibm CWE-200
5.0
2008-10-31 CVE-2008-4805 Cross-Site Scripting vulnerability in IBM Lotus Connections
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components.
network
ibm CWE-79
4.3
2008-10-22 CVE-2008-4693 Information Exposure vulnerability in IBM DB2
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."
network
low complexity
ibm CWE-200
5.0
2008-10-22 CVE-2008-4691 Denial-Of-Service vulnerability in IBM DB2 8.2/9.1
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.
network
low complexity
ibm
5.0
2008-10-22 CVE-2008-4679 Improper Authentication vulnerability in IBM Websphere Application Server
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate.
network
ibm CWE-287
6.8
2008-10-15 CVE-2008-4581 Permissions, Privileges, and Access Controls vulnerability in IBM Enovia Smarteam 5
The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view.
network
low complexity
ibm CWE-264
4.0
2008-09-11 CVE-2008-3960 Improper Input Validation vulnerability in IBM DB2 Universal Database 8.2
Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
network
low complexity
ibm CWE-20
5.0
2008-09-11 CVE-2008-3959 Denial-Of-Service vulnerability in DB2 8.1/8.2
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.
network
low complexity
ibm
5.0
2008-08-29 CVE-2008-3860 Cross-Site Scripting vulnerability in IBM Lotus Quickr 8.1
Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page.
network
ibm microsoft CWE-79
4.3