IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
Max CVSS
7.5
EPSS Score
10.87%
Published
2011-12-02
Updated
2017-08-29
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.36%
Published
2011-09-20
Updated
2019-09-30
Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf.
Max CVSS
9.0
EPSS Score
95.74%
Published
2011-09-19
Updated
2017-08-29
Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03050.
Max CVSS
10.0
EPSS Score
0.34%
Published
2011-08-12
Updated
2017-08-29
Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03048.
Max CVSS
10.0
EPSS Score
0.17%
Published
2011-08-12
Updated
2012-04-25
Unspecified vulnerability in the Runtime in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.30%
Published
2011-08-12
Updated
2017-08-29
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which allows local users to gain privileges via unknown vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2011-08-10
Updated
2012-06-15
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2011-08-10
Updated
2012-06-15
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."
Max CVSS
10.0
EPSS Score
0.56%
Published
2011-07-27
Updated
2017-08-29
IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
0.34%
Published
2011-07-07
Updated
2017-08-29
Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server error response."
Max CVSS
10.0
EPSS Score
0.32%
Published
2011-07-07
Updated
2017-08-29
Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send requests to restricted pages via a session on TCP port 9495, a different vulnerability than CVE-2011-1220.
Max CVSS
9.0
EPSS Score
0.29%
Published
2011-06-02
Updated
2018-10-09
Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors.
Max CVSS
9.3
EPSS Score
0.23%
Published
2011-05-20
Updated
2017-08-29
SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.26%
Published
2011-05-16
Updated
2017-08-29
solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value.
Max CVSS
9.3
EPSS Score
1.31%
Published
2011-04-05
Updated
2017-08-17
Unspecified vulnerability in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.17%
Published
2011-04-05
Updated
2011-04-05
The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command.
Max CVSS
7.2
EPSS Score
0.05%
Published
2011-03-25
Updated
2018-10-09
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.
Max CVSS
10.0
EPSS Score
7.67%
Published
2011-03-25
Updated
2018-10-09
Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.
Max CVSS
9.3
EPSS Score
6.10%
Published
2011-05-31
Updated
2018-10-09
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 services for Lotus Domino has unknown impact and attack vectors, aka SPR ESEO8DQME2.
Max CVSS
10.0
EPSS Score
0.45%
Published
2011-03-22
Updated
2017-08-17
Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Notes RPC packet.
Max CVSS
7.8
EPSS Score
0.66%
Published
2011-12-27
Updated
2017-08-17
Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file.
Max CVSS
9.3
EPSS Score
0.92%
Published
2011-10-30
Updated
2017-08-17
Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive.
Max CVSS
8.8
EPSS Score
0.68%
Published
2011-10-30
Updated
2017-08-17
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters."
Max CVSS
7.5
EPSS Score
0.26%
Published
2011-03-09
Updated
2017-08-17
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.
Max CVSS
7.5
EPSS Score
0.17%
Published
2011-03-08
Updated
2011-04-07
49 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!