Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-04-15 | CVE-2009-1009 | Multiple vulnerability in Oracle April 2009 Critical Patch Update: Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML. | 4.4 |
2009-04-15 | CVE-2009-1008 | Multiple vulnerability in Oracle April 2009 Critical Patch Update: Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010. | 4.4 |
2009-04-13 | CVE-2009-1290 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Advanced Management Module 1.36H: Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script. | 6.8 |
2009-04-13 | CVE-2009-1289 | Information Exposure vulnerability in IBM Advanced Management Module and Bladecenter: private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter. | 4.0 |
2009-04-13 | CVE-2009-1288 | Cross-Site Scripting vulnerability in IBM Advanced Management Module and Bladecenter: Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager. | 4.3 |
2009-04-13 | CVE-2009-1286 | Remote Denial of Service vulnerability in IBM Lotus Domino IMAP Server: The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities. | 5.0 |
2009-04-03 | CVE-2009-1239 | Information Exposure vulnerability in IBM DB2 9.1: IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query. | 5.0 |
2009-03-31 | CVE-2004-2762 | Multiple vulnerability in IBM Tivoli Storage Manager: The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1. | 4.3 |
2009-03-31 | CVE-2009-0892 | Improper Authentication vulnerability in IBM Websphere Application Server: The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout. | 5.5 |
2009-03-25 | CVE-2009-0891 | Improper Authentication vulnerability in IBM Websphere Application Server: The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23), and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks. | 5.5 |