IBM : Security Vulnerabilities, CVEs, Published In 2011 (Information Leak) CVSS score >= 5

CVE-2011-2759

The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Max CVSS
5.0
EPSS Score
0.33%
Published
2011-07-17
Updated
2017-08-29

CVE-2011-1839

IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirection from the authentication servlet to a PHP script, which makes it easier for context-dependent attackers to discover session IDs by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Max CVSS
5.0
EPSS Score
0.14%
Published
2011-04-28
Updated
2017-08-17

CVE-2011-1368

The JavaServer Faces (JSF) application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files via unknown vectors.
Max CVSS
5.0
EPSS Score
0.31%
Published
2011-10-29
Updated
2017-08-17

CVE-2011-0679

IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message."
Max CVSS
5.0
EPSS Score
0.54%
Published
2011-01-28
Updated
2017-08-17
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close