Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-12-02 | CVE-2009-4150 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 and DB2 Universal Database: dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors. | 4.6 |
2009-11-23 | CVE-2009-4052 | Cross-Site Scripting vulnerability in IBM products: Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet. | 4.3 |
2009-11-16 | CVE-2009-2746 | Cross-Site Request Forgery (CSRF) vulnerability in IBM WebSphere Application Server: Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 6.8 |
2009-10-28 | CVE-2009-3816 | Cross-Site Scripting vulnerability in IBM Lotus Connections 2.5.0.0: Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-10-22 | CVE-2009-3745 | Cross-Site Scripting vulnerability in IBM Rational AppScan 5.5.0.2: Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
2009-10-20 | CVE-2009-3730 | Cross-Site Scripting vulnerability in IBM Rational RequisitePro 7.1.0: Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp. | 4.3 |
2009-10-01 | CVE-2009-3521 | Cross-Site Scripting vulnerability in IBM Tivoli Composite Application Manager for WebSphere 6.1.0: Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-09-29 | CVE-2009-3472 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.0/9.1/9.5: IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors. | 6.5 |
2009-09-29 | CVE-2009-3470 | Resource Management Errors vulnerability in IBM Informix Dynamic Server: IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection. | 5.0 |
2009-09-29 | CVE-2009-3469 | Cross-Site Scripting vulnerability in IBM Lotus Connections 2.0.1: Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 4.3 |