pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
Max CVSS
1.9
EPSS Score
0.04%
Published
1996-04-18
Updated
2022-08-17
(1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack.
Max CVSS
1.2
EPSS Score
0.06%
Published
1998-06-11
Updated
2008-09-05
sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.
Max CVSS
1.2
EPSS Score
0.04%
Published
1998-02-25
Updated
2017-10-10
IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML.
Max CVSS
1.9
EPSS Score
0.04%
Published
2003-12-31
Updated
2017-07-29
Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.
Max CVSS
1.2
EPSS Score
0.05%
Published
2005-05-02
Updated
2017-07-11
Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm).
Max CVSS
1.9
EPSS Score
0.04%
Published
2007-08-18
Updated
2017-07-29
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413.
Max CVSS
1.9
EPSS Score
0.04%
Published
2009-02-10
Updated
2017-08-08
The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.
Max CVSS
1.9
EPSS Score
0.04%
Published
2009-02-10
Updated
2017-08-08
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
Max CVSS
1.7
EPSS Score
0.04%
Published
2011-10-30
Updated
2017-08-17
Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise before 6.0.0.8, when trace is enabled, allows local users to obtain sensitive information via unknown vectors.
Max CVSS
1.5
EPSS Score
0.04%
Published
2009-08-13
Updated
2017-08-17
IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
Max CVSS
1.5
EPSS Score
0.04%
Published
2010-02-05
Updated
2017-08-17
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive information by reading the log data.
Max CVSS
1.9
EPSS Score
0.04%
Published
2011-08-12
Updated
2012-04-25
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.
Max CVSS
1.9
EPSS Score
0.04%
Published
2010-04-01
Updated
2017-08-17
IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output.
Max CVSS
1.9
EPSS Score
0.06%
Published
2010-05-03
Updated
2017-08-17
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.
Max CVSS
1.9
EPSS Score
0.04%
Published
2010-05-03
Updated
2017-08-17
Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors.
Max CVSS
1.7
EPSS Score
0.04%
Published
2010-09-16
Updated
2017-09-19
The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files.
Max CVSS
1.9
EPSS Score
0.04%
Published
2011-03-08
Updated
2011-04-07
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.
Max CVSS
1.5
EPSS Score
0.04%
Published
2011-11-09
Updated
2017-09-19
IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command.
Max CVSS
1.9
EPSS Score
0.04%
Published
2011-11-26
Updated
2017-08-17
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log.
Max CVSS
1.7
EPSS Score
0.06%
Published
2011-04-21
Updated
2017-08-17
The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors.
Max CVSS
1.9
EPSS Score
0.04%
Published
2013-01-31
Updated
2017-08-29
IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data.
Max CVSS
1.9
EPSS Score
0.04%
Published
2012-04-09
Updated
2017-08-29
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Max CVSS
1.9
EPSS Score
0.23%
Published
2013-01-31
Updated
2017-08-29
IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow local users to obtain sensitive information about (1) local accounts, (2) SSH private keys, (3) SSL/TLS private keys, (4) SNMPv3 communities, and (5) LDAP credentials by leveraging unspecified side effects of service or maintenance activity.
Max CVSS
1.9
EPSS Score
0.04%
Published
2012-12-08
Updated
2021-11-08
Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX.
Max CVSS
1.5
EPSS Score
0.05%
Published
2013-03-26
Updated
2017-08-29
41 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!