CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-3055 89 Exec Code Sql 2014-07-29 2014-07-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
2 CVE-2014-0966 89 Exec Code Sql 2014-08-17 2014-08-18
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
3 CVE-2013-6331 89 Exec Code Sql 2014-03-05 2014-03-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6302.
4 CVE-2013-6321 89 Exec Code Sql 2014-01-10 2014-01-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
5 CVE-2013-6311 89 Exec Code Sql 2014-06-27 2014-06-30
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
6 CVE-2013-6302 89 Exec Code Sql 2014-03-05 2014-03-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6331.
7 CVE-2013-5409 89 Exec Code Sql 2013-12-21 2013-12-23
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
8 CVE-2013-4058 89 Exec Code Sql 2014-03-16 2014-07-18
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces.
9 CVE-2013-4017 89 Exec Code Sql 2013-10-01 2013-10-10
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
10 CVE-2013-4016 89 Exec Code Sql 2014-05-26 2014-05-27
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.
11 CVE-2013-3973 89 Exec Code Sql 2013-10-01 2013-10-10
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
12 CVE-2013-3033 89 Exec Code Sql 2013-07-29 2013-10-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
13 CVE-2013-2974 264 Sql Bypass 2014-01-29 2014-01-29
7.5
None Remote Low Not required Partial Partial Partial
The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted parameters to the BIRT reporting URL.
14 CVE-2013-2956 89 Exec Code Sql 2013-05-27 2013-05-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
15 CVE-2013-0560 89 Exec Code Sql 2013-07-03 2013-07-03
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2012-5766.
16 CVE-2013-0511 89 Exec Code Sql 2013-03-29 2013-03-29
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters.
17 CVE-2013-0451 89 Exec Code Sql 2013-10-01 2013-10-10
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
18 CVE-2012-5766 89 Exec Code Sql 2013-07-03 2013-10-11
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via vectors involving the RNVisibility page and unspecified screens, a different vulnerability than CVE-2013-0560.
19 CVE-2012-5760 89 Exec Code Sql 2013-02-20 2013-02-20
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
20 CVE-2012-2171 89 Exec Code Sql 2012-06-22 2012-06-22
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.
21 CVE-2012-0747 89 Exec Code Sql 2012-09-10 2013-04-01
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
22 CVE-2012-0728 89 Exec Code Sql 2012-09-10 2012-09-11
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
23 CVE-2012-0727 89 Exec Code Sql 2012-09-10 2012-09-11
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
24 CVE-2012-0199 89 Exec Code Sql 2012-03-05 2012-03-06
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file.
25 CVE-2011-4816 89 Exec Code Sql 2012-03-12 2012-03-13
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
26 CVE-2011-2141 89 Exec Code Sql 2011-05-16 2011-09-06
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
27 CVE-2011-1390 89 Exec Code Sql 2012-05-14 2012-10-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.
28 CVE-2011-1343 89 Exec Code Sql 2011-03-09 2011-03-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters."
29 CVE-2010-2635 89 Exec Code Sql 2010-11-09 2010-11-10
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages."
30 CVE-2009-2093 89 Exec Code Sql 2009-08-13 2009-08-21
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
31 CVE-2008-4806 89 Exec Code Sql 2008-10-31 2008-11-03
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
32 CVE-2007-4368 89 1 Exec Code Sql 2007-08-15 2009-01-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.
33 CVE-2007-3128 Exec Code Sql 2007-06-19 2008-09-05
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter.
34 CVE-2004-0253 DoS Exec Code Sql 2004-11-23 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability.
35 CVE-2002-0554 Sql Bypass 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request.
Total number of vulnerabilities : 35   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.