Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-02-10 | CVE-2009-0435 | Multiple vulnerability in IBM WebSphere Application Server Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service (daemon crash) via vectors related to the aio_getioev2 and getEvent methods. | 5.0 |
| 2009-02-10 | CVE-2009-0432 | Configuration vulnerability in IBM Websphere Application Server The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2009-02-10 | CVE-2008-4284 | Link Following vulnerability in IBM Websphere Application Server Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature. | 5.8 |
| 2009-02-10 | CVE-2008-6106 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products Cross-site request forgery (CSRF) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x has unknown impact and remote attack vectors. | 6.8 |
| 2009-02-10 | CVE-2008-6105 | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-01-16 | CVE-2009-0173 | Improper Input Validation vulnerability in IBM DB2 Universal Database 9.1/9.5 Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream. | 5.0 |
| 2009-01-16 | CVE-2009-0172 | Improper Input Validation vulnerability in IBM DB2 Universal Database 9.1/9.5 Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream. | 5.0 |
| 2008-12-10 | CVE-2008-5413 | Information Exposure vulnerability in IBM Websphere Application Server PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. | 5.0 |
| 2008-12-10 | CVE-2008-5411 | Cryptographic Issues vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
| 2008-12-09 | CVE-2008-5387 | Buffer Errors vulnerability in IBM AIX 6.1/6.1.1/6.1.2 Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors. | 6.2 |