Vulnerabilities > IBM > Z OS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-01-02 | CVE-2013-5385 | Improper Input Validation vulnerability in IBM I and Z/Os The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | 8.5 |
| 2012-12-26 | CVE-2012-5951 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Netview Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level. | 7.2 |
| 2012-09-25 | CVE-2012-3311 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors. | 3.3 |
| 2011-04-13 | CVE-2011-1683 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors. | 6.8 |
| 2010-06-18 | CVE-2010-2327 | Improper Input Validation vulnerability in IBM Websphere Application Server mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload. | 4.3 |
| 2010-05-03 | CVE-2010-1651 | Cryptographic Issues vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log. | 1.9 |
| 2009-03-09 | CVE-2009-0856 | Cross-Site Scripting vulnerability in IBM Websphere Application Server Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-02-25 | CVE-2009-0506 | Local vulnerability in IBM WebSphere Application z/OS CSLv2 Identity Assertion Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks. | 6.2 |