CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-0879 119 Exec Code Overflow 2014-03-21 2014-03-24
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Taskmaster Capture ActiveX control in IBM Datacap Taskmaster Capture 8.0.1, and 8.1 before FP2, allows remote attackers to execute arbitrary code via unspecified vectors.
2 CVE-2014-0862 Exec Code 2014-03-01 2014-03-03
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors.
3 CVE-2013-6724 Exec Code 2014-02-01 2014-02-03
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote attackers to execute arbitrary code via a crafted ComboList property value.
4 CVE-2013-5458 Exec Code 2013-11-24 2014-01-27
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors.
5 CVE-2013-5457 Exec Code 2013-11-24 2014-01-27
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors.
6 CVE-2013-5456 Exec Code 2013-11-24 2014-01-27
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors.
7 CVE-2013-5446 2013-10-22 2013-10-22
10.0
None Remote Low Not required Complete Complete Complete
The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors.
8 CVE-2013-5403 2013-09-27 2013-10-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.0 through 2.5.0.1 allows remote attackers to obtain administrative access via unknown vectors.
9 CVE-2013-5400 255 Bypass 2014-02-14 2014-02-14
10.0
None Remote Low Not required Complete Complete Complete
An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors.
10 CVE-2013-5370 Exec Code 2013-09-30 2013-10-02
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-4042.
11 CVE-2013-5369 94 Exec Code 2013-09-16 2013-09-18
9.3
None Remote Medium Not required Complete Complete Complete
IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 might allow remote attackers to execute arbitrary code by deploying and accessing a service.
12 CVE-2013-4804 Exec Code +Info 2013-10-13 2013-10-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors.
13 CVE-2013-4042 Exec Code 2013-09-30 2013-10-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-5370.
14 CVE-2013-4031 255 2013-08-09 2013-10-04
10.0
None Remote Low Not required Complete Complete Complete
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
15 CVE-2013-3027 189 Exec Code Overflow 2013-08-09 2013-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW.
16 CVE-2013-3026 119 Exec Code Overflow 2013-06-16 2013-06-17
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Lotus Quickr for Domino ActiveX control in qp2.cab in IBM Lotus Quickr 8.1 before FP 8.1.0.32-001a, 8.2 before FP 8.2.0.28-001a, and 8.5.1 before FP 8.5.1.39-002a for Domino allows remote attackers to execute arbitrary code via a crafted web site.
17 CVE-2013-3012 2013-07-23 2014-01-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3011.
18 CVE-2013-3011 2013-07-23 2014-01-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3012.
19 CVE-2013-3010 2013-07-23 2013-08-22
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3007.
20 CVE-2013-3009 2013-07-23 2014-01-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3011 and CVE-2013-3012.
21 CVE-2013-3008 2013-07-23 2013-08-22
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3006.
22 CVE-2013-3007 2013-07-23 2013-08-22
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3006.
23 CVE-2013-3006 2013-07-23 2013-08-22
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3008.
24 CVE-2013-3003 Exec Code 2013-07-02 2013-07-02
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 allows remote authenticated users to execute arbitrary commands via unknown vectors.
25 CVE-2013-2366 Exec Code +Info 2013-10-13 2013-10-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors, aka ZDI-CAN-1802.
26 CVE-2013-1777 94 Exec Code 2013-07-11 2014-04-01
10.0
None Remote Low Not required Complete Complete Complete
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
27 CVE-2013-0600 Bypass 2013-05-09 2013-05-09
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors.
28 CVE-2013-0593 Exec Code 2013-04-26 2013-04-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS SamplePower 3.0 before 3.0-IM-S3SAMPC-WIN32-FP001 allows remote attackers to execute arbitrary code via unknown vectors.
29 CVE-2013-0501 264 2013-04-12 2013-04-15
9.3
None Remote Medium Not required Complete Complete Complete
The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this program, via a crafted web site.
30 CVE-2013-0485 2014-01-21 2014-01-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Java SDK before 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries.
31 CVE-2013-0462 2013-01-27 2013-01-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors.
32 CVE-2012-6349 119 Exec Code Overflow 2013-07-18 2013-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W.
33 CVE-2012-5955 Exec Code 2012-12-20 2012-12-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors.
34 CVE-2012-5947 119 Exec Code Overflow 2013-04-29 2013-04-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via unspecified vectors.
35 CVE-2012-5946 119 Exec Code Overflow 2013-04-29 2013-04-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string.
36 CVE-2012-5945 119 Exec Code Overflow 2013-04-29 2013-04-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allow remote attackers to execute arbitrary code via a long (1) ComboList or (2) ColComboList property value.
37 CVE-2012-5937 Exec Code 2013-04-12 2013-04-15
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors.
38 CVE-2012-5759 264 Bypass 2012-11-23 2013-05-29
9.0
None Remote Low Single system Complete Complete Complete
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors.
39 CVE-2012-4858 20 Exec Code 2013-03-05 2013-03-05
9.3
None Remote Medium Not required Complete Complete Complete
IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors.
40 CVE-2012-4857 119 Exec Code Overflow 2012-12-08 2013-03-25
9.0
None Remote Low Single system Complete Complete Complete
Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement.
41 CVE-2012-4823 Exec Code 2013-01-10 2013-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoder defineClass() method."
42 CVE-2012-4822 Exec Code 2013-01-10 2013-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class."
43 CVE-2012-4821 Exec Code 2013-01-10 2013-08-26
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods.
44 CVE-2012-4820 +Priv 2013-01-10 2013-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."
45 CVE-2012-3334 119 Exec Code Overflow 2012-09-25 2013-03-21
9.0
None Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement.
46 CVE-2012-3324 22 Dir. Trav. 2012-09-25 2012-09-26
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
47 CVE-2012-3298 DoS +Info 2012-09-25 2012-09-26
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
48 CVE-2012-2176 119 Exec Code Overflow 2012-05-25 2012-11-19
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.
49 CVE-2012-2175 119 Exec Code Overflow 2012-06-20 2012-06-20
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument.
50 CVE-2012-2174 94 Exec Code 2012-06-20 2012-06-20
9.3
None Remote Medium Not required Complete Complete Complete
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.
Total number of vulnerabilities : 309   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.