Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-06-25 | CVE-2009-2211 | Cross-Site Scripting vulnerability in IBM Rational Clearquest | Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-06-08 | CVE-2009-1953 | Permissions, Privileges, and Access Controls vulnerability in IBM Filenet Content Manager 4.0/4.0.1/4.5 | IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors. | 4.6 |
2009-06-03 | CVE-2009-1906 | Denial-Of-Service vulnerability in DB2 9.1/9.5 | The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32. | 4.3 |
2009-06-03 | CVE-2008-2154 | Configuration vulnerability in IBM DB2 8.0/9.1/9.5 | IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. | 6.0 |
2009-06-03 | CVE-2009-1900 | Information Exposure vulnerability in IBM Websphere Application Server | The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting tool. | 5.0 |
2009-06-03 | CVE-2009-1898 | Information Exposure vulnerability in IBM Websphere Application Server | The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network. | 5.0 |
2009-06-03 | CVE-2009-0899 | Permissions, Privileges, and Access Controls vulnerability in IBM products | IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors. | 4.3 |
2009-05-26 | CVE-2009-1786 | Race Condition vulnerability in IBM AIX 5.3/6.1 | The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable. | 6.9 |
2009-05-21 | CVE-2009-0897 | Information Disclosure vulnerability in IBM WebSphere Partner Gateway 'bcgarchive' | IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the "schema DB2 instance id" and the bcgarchive (aka the archiver script). | 4.0 |
2009-04-15 | CVE-2009-1010 | Multiple vulnerability in Oracle April 2009 Critical Patch Update | Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008. | 4.4 |