CVEdetails.com the ultimate security vulnerability data source

IBM : Security Vulnerabilities (Gain Privilege)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2014-3086 Exec Code +Priv 2014-08-11 2014-08-12
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager.
2 CVE-2014-3074 264 +Priv 2014-07-02 2014-07-24
7.2
None Local Low Not required Complete Complete Complete
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
3 CVE-2014-3072 +Priv 2014-08-12 2014-08-13
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the Automation Server in IBM Security AppScan Source 8 through 8.0.0.2, 8.5 through 8.5.0.1, 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, and 9.0 through 9.0.0.1 allows local users to gain privileges by executing a crafted service.
4 CVE-2014-3048 +Priv 2014-06-08 2014-06-18
6.0
None Local High Single system Complete Complete Complete
Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command.
5 CVE-2014-3043 264 +Priv 2014-07-19 2014-07-23
6.5
None Remote Low Single system Partial Partial Partial
IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account.
6 CVE-2014-3020 264 +Priv 2014-07-29 2014-07-30
6.9
None Local Medium Not required Complete Complete Complete
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.
7 CVE-2014-0935 +Priv 2014-06-04 2014-06-04
4.6
None Remote High Single system Partial Partial Partial
Unspecified vulnerability in IBM Smart Analytics System 7700 before FP 2.1.3.0 and 7710 before FP 2.1.3.0 allows local users to gain privileges via vectors related to events.
8 CVE-2014-0907 +Priv 2014-05-30 2014-07-24
7.2
Admin Local Low Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.
9 CVE-2014-0849 264 +Priv 2014-05-26 2014-05-27
6.0
None Remote Medium Single system Partial Partial Partial
IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups.
10 CVE-2013-6744 264 +Priv 2014-05-30 2014-06-24
8.5
User Remote Medium Single system Complete Complete Complete
The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.
11 CVE-2013-6306 +Priv 2014-08-22 2014-08-27
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.
12 CVE-2013-5467 264 +Priv 2014-08-29 2014-08-29
7.2
None Local Low Not required Complete Complete Complete
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM) on UNIX allow local users to gain privileges via unspecified vectors.
13 CVE-2013-5419 119 Overflow +Priv 2013-10-04 2013-12-05
6.9
None Local Medium Not required Complete Complete Complete
Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.
14 CVE-2013-5416 +Priv 2013-12-18 2013-12-18
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors.
15 CVE-2013-5415 119 Overflow +Priv 2013-12-18 2013-12-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors.
16 CVE-2013-5414 264 +Priv 2013-11-18 2013-11-19
3.5
None Remote Medium Single system None Partial None
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation.
17 CVE-2013-5383 264 +Priv 2013-10-01 2013-10-10
4.0
None Remote Low Single system Partial None None
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382.
18 CVE-2013-5382 +Priv 2013-10-01 2013-10-10
4.0
None Remote Low Single system Partial None None
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383.
19 CVE-2013-5381 +Priv 2013-10-01 2013-10-10
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
20 CVE-2013-5373 264 +Priv 2013-09-25 2013-09-25
6.9
None Local Medium Not required Complete Complete Complete
The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands.
21 CVE-2013-4011 +Priv 2013-07-18 2013-12-05
7.2
None Local Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
22 CVE-2013-3475 119 Overflow +Priv 2013-06-04 2013-06-05
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors.
23 CVE-2013-3047 +Priv 2013-10-01 2013-10-10
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors.
24 CVE-2013-3037 264 +Priv 2013-09-12 2013-09-12
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors.
25 CVE-2013-3028 119 Overflow +Priv 2013-07-02 2013-07-03
4.6
None Local Low Not required Partial Partial Partial
Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via unspecified vectors.
26 CVE-2013-2964 119 Overflow +Priv 2013-10-04 2013-10-04
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain privileges via unspecified vectors.
27 CVE-2013-0536 264 Exec Code +Priv 2013-06-21 2013-06-24
7.2
None Local Low Not required Complete Complete Complete
ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24.
28 CVE-2013-0513 +Priv 2013-03-29 2013-03-29
7.2
None Local Low Not required Complete Complete Complete
IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program, related to an "Unquoted Service Path Enumeration" vulnerability.
29 CVE-2013-0490 +Priv 2013-02-27 2013-02-28
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 on z/OS allows local users to gain privileges via unknown vectors.
30 CVE-2012-6357 264 +Priv Bypass 2013-02-20 2013-02-20
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.
31 CVE-2012-6356 264 +Priv 2013-02-20 2013-02-20
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation.
32 CVE-2012-6355 264 +Priv 2013-02-20 2013-02-20
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order.
33 CVE-2012-5951 264 +Priv 2012-12-26 2013-03-11
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level.
34 CVE-2012-5767 +Priv 2013-02-27 2013-02-27
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the web interface on the IBM TS3500 Tape Library with firmware before C260 allows remote authenticated users to gain privileges via unspecified vectors.
35 CVE-2012-4850 20 +Priv 2012-11-14 2013-02-25
7.5
None Remote Low Not required Partial Partial Partial
IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors.
36 CVE-2012-4820 +Priv 2013-01-10 2013-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."
37 CVE-2012-3323 264 +Priv 2013-10-01 2013-10-10
6.8
None Remote Medium Not required Partial Partial Partial
IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors.
38 CVE-2012-3317 264 +Priv 2012-12-05 2012-12-05
6.9
None Local Medium Not required Complete Complete Complete
IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.
39 CVE-2012-2200 264 +Priv 2012-06-27 2013-03-21
7.2
None Local Low Not required Complete Complete Complete
The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.
40 CVE-2012-2188 264 +Priv 2012-08-06 2012-08-07
7.2
None Local Low Not required Complete Complete Complete
IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.
41 CVE-2012-1796 +Priv 2012-03-20 2012-08-13
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.
42 CVE-2012-0745 264 +Priv 2012-05-04 2013-01-03
7.2
None Local Low Not required Complete Complete Complete
The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.
43 CVE-2012-0702 287 +Priv 2013-01-31 2013-01-31
4.0
None Remote Low Single system Partial None None
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors.
44 CVE-2012-0701 264 +Priv 2013-01-31 2013-02-06
6.5
User Remote Low Single system Partial Partial Partial
The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which allows remote authenticated users to gain privileges via unspecified vectors.
45 CVE-2012-0204 +Priv 2013-01-31 2013-01-31
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
46 CVE-2012-0187 +Priv 2012-06-22 2012-06-22
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory.
47 CVE-2011-4061 +Priv 2011-10-17 2012-02-13
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.
48 CVE-2011-3124 264 +Priv 2011-08-10 2012-06-15
7.2
None Local Low Not required Complete Complete Complete
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which allows local users to gain privileges via unknown vectors.
49 CVE-2011-3123 264 +Priv 2011-08-10 2012-06-15
7.2
None Local Low Not required Complete Complete Complete
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
50 CVE-2011-1321 264 +Priv 2011-03-08 2011-03-10
6.5
None Remote Low Single system Partial Partial Partial
The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO).
Total number of vulnerabilities: 193 (page 1 of 4)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.