Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 7009 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-1558 1 Ibm 1 Webi 2011-04-05 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242.
CVE-2011-1319 1 Ibm 1 Websphere Application Server 2011-03-30 4.0 MEDIUM N/A
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) token for authentication.
CVE-2011-1318 1 Ibm 1 Websphere Application Server 2011-03-30 5.0 MEDIUM N/A
Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
CVE-2011-1320 1 Ibm 1 Websphere Application Server 2011-03-29 6.8 MEDIUM N/A
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation.
CVE-2008-7285 1 Ibm 2 Lotus Domino, Lotus Quickr 2011-03-24 5.0 MEDIUM N/A
Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, aka SPR JFLD7GZT25.
CVE-2008-7284 1 Ibm 2 Lotus Domino, Lotus Quickr 2011-03-24 3.5 LOW N/A
IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8.
CVE-2009-5058 1 Ibm 2 Lotus Domino, Lotus Quickr 2011-03-24 3.5 LOW N/A
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is accessed through a connector, aka SPR RELS7LARKR.
CVE-2009-5060 1 Ibm 2 Lotus Domino, Lotus Quickr 2011-03-24 3.5 LOW N/A
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX.
CVE-2009-5062 1 Ibm 3 Aix, Lotus Domino, Lotus Quickr 2011-03-24 3.5 LOW N/A
IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9.
CVE-2009-5059 1 Ibm 2 Lotus Domino, Lotus Quickr 2011-03-24 3.5 LOW N/A
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PSR8J.
CVE-2009-5061 1 Ibm 2 Lotus Domino, Lotus Quickr 2011-03-24 2.1 LOW N/A
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UPB9N.
CVE-2008-7286 1 Ibm 2 Lotus Domino, Lotus Quickr 2011-03-24 3.5 LOW N/A
IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via a request to resources.nsf, aka SPR XFXF7JDBCX.
CVE-2011-1321 1 Ibm 1 Websphere Application Server 2011-03-10 6.5 MEDIUM N/A
The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO).
CVE-2011-1322 1 Ibm 1 Websphere Application Server 2011-03-09 5.0 MEDIUM N/A
The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages.
CVE-2009-0391 1 Ibm 2 Websphere Application Server, Zos 2011-03-08 7.8 HIGH N/A
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors.
CVE-2008-5686 1 Ibm 1 Tivoli Provisioning Manager 2011-03-08 8.5 HIGH N/A
IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows.
CVE-2008-5675 1 Ibm 1 Websphere Portal 2011-03-08 10.0 HIGH N/A
Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI."
CVE-2008-4691 1 Ibm 1 Db2 2011-03-08 5.0 MEDIUM N/A
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.
CVE-2008-3235 1 Ibm 1 Websphere Application Server 2011-03-08 10.0 HIGH N/A
Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors.
CVE-2008-1598 1 Ibm 1 Aix 2011-03-08 4.7 MEDIUM N/A
The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors.