Filtered by vendor Ibm
Subscriptions
Total
7864 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0869 | 2 Ibm, Microsoft | 2 Tivoli Storage Manager Hsm, Windows | 2025-04-09 | N/A |
| Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. | ||||
| CVE-2009-0120 | 1 Ibm | 1 Websphere Datapower Xml Security Gateway Xs40 | 2025-04-09 | N/A |
| The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data. | ||||
| CVE-2009-1334 | 1 Ibm | 1 Tivoli Continuous Data Protection For Files | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter. | ||||
| CVE-2009-0391 | 1 Ibm | 2 Websphere Application Server, Zos | 2025-04-09 | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors. | ||||
| CVE-2009-1010 | 2 Ibm, Oracle | 2 Websphere Portal, Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008. | ||||
| CVE-2009-3469 | 1 Ibm | 1 Lotus Connections | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2009-0503 | 1 Ibm | 1 Websphere Message Broker | 2025-04-09 | N/A |
| IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs. | ||||
| CVE-2009-1174 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors. | ||||
| CVE-2009-0507 | 1 Ibm | 1 Websphere Process Server | 2025-04-09 | N/A |
| IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member. | ||||
| CVE-2009-1009 | 2 Ibm, Oracle | 2 Websphere Portal, Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML. | ||||
| CVE-2009-1008 | 2 Ibm, Oracle | 2 Websphere Portal, Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010. | ||||
| CVE-2009-3518 | 1 Ibm | 1 Installation Manager | 2025-04-09 | N/A |
| Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname. | ||||
| CVE-2009-0899 | 1 Ibm | 3 Integrated Solutions Console, Websphere Application Server, Websphere Portal | 2025-04-09 | N/A |
| IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors. | ||||
| CVE-2009-0897 | 1 Ibm | 1 Websphere Partner Gateway | 2025-04-09 | N/A |
| IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the "schema DB2 instance id" and the bcgarchive (aka the archiver script). | ||||
| CVE-2009-1906 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32. | ||||
| CVE-2009-0879 | 2 Ibm, Microsoft | 2 Director, Windows | 2025-04-09 | N/A |
| The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. | ||||
| CVE-2009-1290 | 1 Ibm | 2 Advanced Management Module, Bladecenter | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script. | ||||
| CVE-2009-1286 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | N/A |
| The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities. | ||||
| CVE-2007-4309 | 1 Ibm | 1 Lotus Notes | 2025-04-09 | N/A |
| IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696. | ||||
| CVE-2009-3516 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors. | ||||