Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-01-23 CVE-2008-0402 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Business Modeler 6.0.21
Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group.
network
ibm CWE-264
6.0
2008-01-19 CVE-2008-0369 Local Privilege Escalation vulnerability in IBM Informix Dynamic Server 10.00
Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.
local
ibm
6.9
2008-01-18 CVE-2008-0354 Cross-Site Scripting vulnerability in IBM Lotus Sametime 7.5/7.5.1
Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim.
network
ibm CWE-79
4.3
2007-12-28 CVE-2007-6594 Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Notes
IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file.
local
ibm CWE-264
6.9
2007-12-17 CVE-2007-6408 Information Exposure vulnerability in IBM Tivoli Provisioning Manager Express
IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames.
network
low complexity
ibm CWE-200
5.0
2007-12-17 CVE-2007-6407 Cross-Site Scripting vulnerability in IBM Tivoli Provisioning Manager Express
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Provisioning Manager Express allow remote attackers to inject arbitrary web script or HTML via the (1) "assess modification," (2) user-id, and other unspecified fields to the /tpmx URI; or (3) involving unspecified vectors related to "error processing."
network
ibm CWE-79
4.3
2007-12-10 CVE-2007-6305 Buffer Errors vulnerability in IBM Hardware Management Console 7.3.2.0
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."
local
low complexity
linux unix ibm CWE-119
4.6
2007-12-10 CVE-2007-6295 Cross-Site Scripting vulnerability in IBM Lotus Sametime
Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI.
network
ibm CWE-79
4.3
2007-12-10 CVE-2007-6294 Permissions, Privileges, and Access Controls vulnerability in IBM Hardware Management Console 3.3.7
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands."
local
low complexity
ibm CWE-264
4.9
2007-12-04 CVE-2007-6232 Cross-Site Scripting vulnerability in FTP Admin 0.1.0
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
4.3