Vulnerabilities: IBM, Medium risk

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR / COMPLEXITY / TAGS | RISK |
|---|---|---|---|---|---|
| 2007-04-11 | CVE-2007-1940 | Unspecified vulnerability in IBM Tivoli Business Service Manager 4.1 | IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 logs passwords in plaintext, which allows local users to obtain sensitive information by reading (1) ncisetup.db or (2) msi.log. | local; low complexity; ibm | 4.9 |
| 2007-03-29 | CVE-2006-4843 | HTML Injection vulnerability in IBM Lotus Domino Web Access Email Message | Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme. | network; ibm | 4.3 |
| 2007-03-20 | CVE-2006-7166 | Unspecified vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL." | network; low complexity; ibm | 5.0 |
| 2007-03-20 | CVE-2006-7165 | Unspecified vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs." | network; ibm | 4.3 |
| 2007-03-20 | CVE-2006-7164 | Information Disclosure vulnerability in WebSphere Application Server | SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests. | network; linux, unix, ibm | 4.3 |
| 2007-03-16 | CVE-2007-1468 | Cross-Site Scripting vulnerability in IBM Rational ClearQuest 7.0.0.0 | Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry. | network; ibm; CWE-79 | 4.3 |
| 2007-03-02 | CVE-2007-1228 | Improper Authentication vulnerability in IBM DB2 8.2/9.0 | IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. | local; ibm, unix; CWE-287 | 4.4 |
| 2007-03-02 | CVE-2007-1223 | Denial-of-Service vulnerability in OSAS/FT/W | Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows attackers to cause a denial of service (responder control processing halt) by sending "data unexpectedly through the port". | network; low complexity; hitachi, ibm, sun | 5.0 |
| 2007-02-21 | CVE-2007-1027 | Link Following vulnerability in IBM DB2 9.0 | Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file. | local; ibm; CWE-59 | 4.4 |
| 2007-02-03 | CVE-2007-0670 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM AIX 5.2/5.3 | Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin. | local; low complexity; ibm; CWE-119 | 4.6 |