IBM : Security Vulnerabilities, CVEs, Published In 2008 (Information Leak) CVSS score >= 4
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434.
Max CVSS
5.0
EPSS Score
0.18%
Published
2008-12-10
Updated
2011-08-23
IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
5.0
EPSS Score
0.15%
Published
2008-10-31
Updated
2017-08-08
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."
Max CVSS
5.0
EPSS Score
0.27%
Published
2008-10-22
Updated
2017-08-08
The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump.
Max CVSS
4.6
EPSS Score
0.04%
Published
2008-08-28
Updated
2017-08-08
The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability.
Max CVSS
5.0
EPSS Score
0.28%
Published
2008-08-08
Updated
2017-08-08
The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors.
Max CVSS
4.7
EPSS Score
0.04%
Published
2008-03-31
Updated
2011-03-08
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies.
Max CVSS
5.0
EPSS Score
0.58%
Published
2008-03-11
Updated
2017-08-08
The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-02-05
Updated
2017-08-08
8 vulnerabilities found