Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-03-24 | CVE-2009-1056 | Information Disclosure vulnerability in IBM Rational AppScan Enterprise Exported Report | IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by "forcefully browsing." | 5.0 |
2009-03-12 | CVE-2009-0880 | Path Traversal vulnerability in IBM Director | Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. | 6.8 |
2009-03-12 | CVE-2009-0879 | Improper Input Validation vulnerability in IBM Director | The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. | 5.0 |
2009-03-09 | CVE-2009-0856 | Cross-Site Scripting vulnerability in IBM WebSphere Application Server | Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-02-26 | CVE-2009-0507 | Configuration vulnerability in IBM WebSphere Process Server 6.1.2/6.1.2.1 | IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member. | 4.0 |
2009-02-25 | CVE-2009-0506 | Local vulnerability in IBM WebSphere Application z/OS CSIv2 Identity Assertion | Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks. | 6.2 |
2009-02-22 | CVE-2009-0440 | Improper Authentication vulnerability in IBM WebSphere Partner Gateway | IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print." | 6.5 |
2009-02-17 | CVE-2008-4285 | Resource Management Errors vulnerability in IBM WebSphere Application Server | Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attackers to cause a denial of service (daemon crash) via vectors related to "a gradual degradation in performance." | 5.0 |
2009-02-11 | CVE-2009-0536 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX | at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges. | 4.9 |
2009-02-10 | CVE-2009-0438 | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Application Server 7.0 | IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. | 5.0 |