IBM : Security Vulnerabilities (CVSS score between 1 and 1.99)

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : Cve Number Descending Cve Number Ascending CVSS Score Descending Number Of Exploits Descending

Copy Results Download Results Select Table

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2013-0541	119	DoS Overflow	2013-04-24	2013-04-24	1.9	None	Local	Medium	Not required	None	None	Partial
Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manger (WIM), allows local users to cause a denial of service (daemon crash) via unspecified vectors.
2	CVE-2013-0525	79	XSS	2013-03-26	2013-03-27	1.5	None	Local	Medium	Single system	None	Partial	None
Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX.
3	CVE-2012-4838		+Info	2012-12-08	2012-12-26	1.9	None	Local	Medium	Not required	Partial	None	None
IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow local users to obtain sensitive information about (1) local accounts, (2) SSH private keys, (3) SSL/TLS private keys, (4) SNMPv3 communities, and (5) LDAP credentials by leveraging unspecified side effects of service or maintenance activity.
4	CVE-2012-4832	200	+Info	2013-01-31	2013-01-31	1.9	None	Local	Medium	Not required	Partial	None	None
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
5	CVE-2012-0742	200	+Info	2012-04-09	2012-04-10	1.9	None	Local	Medium	Not required	Partial	None	None
IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data.
6	CVE-2012-0700	255	Bypass	2013-01-31	2013-01-31	1.9	None	Local	Medium	Not required	None	Partial	None
The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors.
7	CVE-2011-1820	200	+Info	2011-04-21	2011-04-21	1.7	None	Local	Low	Single system	Partial	None	None
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log.
8	CVE-2011-1378	264		2011-11-25	2012-01-17	1.9	None	Local	Medium	Not required	None	None	Partial
IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command.
9	CVE-2011-1373		DoS	2011-11-09	2012-01-26	1.5	None	Local	Medium	Single system	None	None	Partial
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.
10	CVE-2011-1310	200	+Info	2011-03-08	2011-04-07	1.9	None	Local	Medium	Not required	Partial	None	None
The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files.
11	CVE-2010-3406			2010-09-16	2011-07-18	1.7	None	Local	Low	Single system	None	Partial	None
Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors.
12	CVE-2010-1651	310	+Info	2010-05-03	2010-06-22	1.9	None	Local	Medium	Not required	Partial	None	None
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.
13	CVE-2010-1650	310	+Info	2010-05-03	2010-05-20	1.9	None	Local	Medium	Not required	Partial	None	None
IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output.
14	CVE-2010-0769	255		2010-04-01	2010-04-02	1.9	None	Local	Medium	Not required	Partial	None	None
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.
15	CVE-2009-5084	310	+Info	2011-08-12	2012-04-25	1.9	None	Local	Medium	Not required	Partial	None	None
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive information by reading the log data.
16	CVE-2009-2752	310	+Info	2010-02-05	2010-02-08	1.5	None	Local	Medium	Single system	Partial	None	None
IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
17	CVE-2009-2094		+Info	2009-08-13	2009-08-14	1.5	None	Local	Medium	Single system	Partial	None	None
Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise before 6.0.0.8, when trace is enabled, allows local users to obtain sensitive information via unknown vectors.
18	CVE-2009-0905	20	+Priv	2011-10-30	2012-02-29	1.7	None	Local	Low	Single system	None	Partial	None
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
19	CVE-2009-0437	200	+Info	2009-02-10	2009-02-26	1.9	None	Local	Medium	Not required	Partial	None	None
The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.
20	CVE-2009-0434	200	+Info	2009-02-10	2009-02-26	1.9	None	Local	Medium	Not required	Partial	None	None
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413.
21	CVE-2007-4272			2007-08-18	2008-09-05	1.9	None	Local	Medium	Not required	None	Partial	None
Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm).
22	CVE-2005-1176		+Info	2005-05-02	2008-09-05	1.2	None	Local	High	Not required	Partial	None	None
Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.
23	CVE-2003-1447	310		2003-12-31	2008-09-05	1.9	None	Local	Medium	Not required	Partial	None	None
IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML.
24	CVE-1999-1486			1998-02-25	2008-09-10	1.2	None	Local	High	Not required	None	Partial	None
sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.
25	CVE-1999-1480			1998-06-11	2008-09-05	1.2	None	Local	High	Not required	None	Partial	None
(1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack.
26	CVE-1999-0078		Exec Code	1996-04-18	2008-09-09	1.9	None	Local	Medium	Not required	Partial	None	None
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

Total number of vulnerabilities : 26 Page : 1 (This Page)