CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (Gain Privilege)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Copy Results Download Results Select Table
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-0513 +Priv 2013-03-29 2013-03-29
7.2
 None Local Low Not required Complete Complete Complete
IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program, related to an "Unquoted Service Path Enumeration" vulnerability.
2 CVE-2013-0490 +Priv 2013-02-27 2013-02-28
7.2
 None Local Low Not required Complete Complete Complete
Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 on z/OS allows local users to gain privileges via unknown vectors.
3 CVE-2012-6357 264 +Priv Bypass 2013-02-20 2013-02-20
6.5
 None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.
4 CVE-2012-6356 264 +Priv 2013-02-20 2013-02-20
6.5
 None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation.
5 CVE-2012-6355 264 +Priv 2013-02-20 2013-02-20
6.5
 None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order.
6 CVE-2012-5951 264 +Priv 2012-12-26 2013-03-11
7.2
 Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level.
7 CVE-2012-5767 +Priv 2013-02-27 2013-02-27
6.5
 None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the web interface on the IBM TS3500 Tape Library with firmware before C260 allows remote authenticated users to gain privileges via unspecified vectors.
8 CVE-2012-4850 20 +Priv 2012-11-14 2013-02-25
7.5
 None Remote Low Not required Partial Partial Partial
IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors.
9 CVE-2012-4820 +Priv 2013-01-10 2013-01-11
9.3
 None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."
10 CVE-2012-3317 264 +Priv 2012-12-05 2012-12-05
6.9
 None Local Medium Not required Complete Complete Complete
IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.
11 CVE-2012-2200 264 +Priv 2012-06-27 2013-03-21
7.2
 None Local Low Not required Complete Complete Complete
The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.
12 CVE-2012-2188 264 +Priv 2012-08-06 2012-08-07
7.2
 None Local Low Not required Complete Complete Complete
IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.
13 CVE-2012-1796 +Priv 2012-03-20 2012-08-13
7.2
 None Local Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.
14 CVE-2012-0745 264 +Priv 2012-05-04 2013-01-03
7.2
 None Local Low Not required Complete Complete Complete
The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.
15 CVE-2012-0702 287 +Priv 2013-01-31 2013-01-31
4.0
 None Remote Low Single system Partial None None
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors.
16 CVE-2012-0701 264 +Priv 2013-01-31 2013-02-06
6.5
 User Remote Low Single system Partial Partial Partial
The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which allows remote authenticated users to gain privileges via unspecified vectors.
17 CVE-2012-0204 +Priv 2013-01-31 2013-01-31
9.3
 None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
18 CVE-2012-0187 +Priv 2012-06-22 2012-06-22
9.3
 None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory.
19 CVE-2011-4061 +Priv 2011-10-17 2012-02-13
6.9
 None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.
20 CVE-2011-3124 264 +Priv 2011-08-10 2012-06-15
7.2
 None Local Low Not required Complete Complete Complete
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which allows local users to gain privileges via unknown vectors.
21 CVE-2011-3123 264 +Priv 2011-08-10 2012-06-15
7.2
 None Local Low Not required Complete Complete Complete
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
22 CVE-2011-1321 264 +Priv 2011-03-08 2011-03-10
6.5
 None Remote Low Single system Partial Partial Partial
The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO).
23 CVE-2011-1311 264 +Priv 2011-03-08 2011-04-07
6.0
 None Remote Medium Single system Partial Partial Partial
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.
24 CVE-2011-1223 119 Overflow +Priv 2011-07-17 2011-07-19
7.2
 None Local Low Not required Complete Complete Complete
Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors.
25 CVE-2011-1222 119 Overflow +Priv 2011-07-17 2011-07-19
7.2
 None Local Low Not required Complete Complete Complete
Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows and AIX allows local users to gain privileges via unspecified vectors.
26 CVE-2011-1205 119 Overflow +Priv 2011-03-29 2011-04-20
6.9
 None Local Medium Not required Complete Complete Complete
Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone.
27 CVE-2011-1045 +Priv 2011-02-21 2011-02-22
6.8
 None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors.
28 CVE-2010-5251 +Priv 2012-09-07 2012-09-07
6.9
 None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse (1) nnoteswc.dll or (2) nlsxbe.dll file in the current working directory, as demonstrated by a directory that contains a .vcf, .vcs, or .ics file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
29 CVE-2010-5204 +Priv 2012-09-06 2012-09-13
6.9
 None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1.3.0 20090908.0900 allow local users to gain privileges via a Trojan horse (1) eclipse_1114.dll or (2) emser645mi.dll file in the current working directory, as demonstrated by a directory that contains a .odm, .odt, .otp, .stc, .stw, .sxg, or .sxw file. NOTE: some of these details are obtained from third party information.
30 CVE-2010-4604 119 1 Overflow +Priv 2010-12-29 2011-01-04
6.9
 None Local Medium Not required Complete Complete Complete
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.
31 CVE-2010-4274 264 +Priv 2010-11-16 2010-11-18
4.4
 None Local Medium Not required Partial Partial Partial
reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership.
32 CVE-2010-4236 1 +Priv 2010-11-12 2010-12-01
6.9
 None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895.
33 CVE-2010-3895 264 1 +Priv 2010-11-12 2010-12-01
7.2
 None Local Low Not required Complete Complete Complete
esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument.
34 CVE-2010-3733 264 +Priv 2010-10-05 2012-01-26
7.2
 None Local Low Not required Complete Complete Complete
The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file.
35 CVE-2010-3405 119 Overflow +Priv 2010-09-16 2011-07-18
6.8
 None Local Low Single system Complete Complete Complete
Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors.
36 CVE-2010-2518 264 +Priv 2010-06-30 2010-07-01
7.5
 User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), allows remote attackers to gain privileges via unknown vectors. NOTE: some of these details are obtained from third party information.
37 CVE-2010-1347 264 +Priv 2010-04-12 2012-03-19
7.2
 None Local Low Not required Complete Complete Complete
Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users to gain privileges by executing these scripts.
38 CVE-2010-0961 119 Overflow +Priv 2010-03-10 2011-07-18
7.2
 None Local Low Not required Complete Complete Complete
Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
39 CVE-2010-0960 119 Overflow +Priv 2010-03-10 2010-08-21
7.2
 None Local Low Not required Complete Complete Complete
Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
40 CVE-2009-4362 119 DoS Overflow +Priv 2009-12-21 2009-12-22
7.2
 None Local Low Not required Complete Complete Complete
Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments. NOTE: some of these details are obtained from third party information.
41 CVE-2009-4361 119 DoS Overflow +Priv 2009-12-21 2009-12-22
7.2
 None Local Low Not required Complete Complete Complete
Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via a long string argument. NOTE: some of these details are obtained from third party information.
42 CVE-2009-2669 264 +Priv 2009-08-05 2009-08-12
7.2
 Admin Local Low Not required Complete Complete Complete
A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.
43 CVE-2009-2434 119 Overflow +Priv 2009-07-13 2009-07-13
7.2
 Admin Local Low Not required Complete Complete Complete
Buffer overflow in the syscall implementation in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.
44 CVE-2009-1355 119 Overflow +Priv 2009-04-21 2010-08-21
7.2
 Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename.
45 CVE-2009-0905 20 +Priv 2011-10-30 2012-02-29
1.7
 None Local Low Single system None Partial None
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
46 CVE-2009-0900 119 Overflow +Priv 2011-10-30 2012-02-29
4.1
 None Local Medium Single system Partial Partial Partial
Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.
47 CVE-2009-0779 119 Overflow +Priv 2009-03-04 2009-03-04
7.2
 Admin Local Low Not required Complete Complete Complete
Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users to gain privileges via a long "input string."
48 CVE-2009-0439 264 +Priv 2009-02-24 2009-03-06
7.2
 Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.
49 CVE-2008-5387 119 Overflow +Priv 2008-12-08 2010-08-21
6.2
 None Local High Not required Complete Complete Complete
Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors.
50 CVE-2008-5386 119 Overflow +Priv 2008-12-08 2008-12-17
6.9
 Admin Local Medium Not required Complete Complete Complete
Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors.
Total number of vulnerabilities : 165   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.