Search Results (702 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-0700 1 Ibm 2 Infosphere Fasttrack, Infosphere Information Server 2025-04-11 N/A
The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors.
CVE-2012-0701 1 Ibm 2 Infosphere Datastage, Infosphere Information Server 2025-04-11 N/A
The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2012-0702 1 Ibm 2 Infosphere Information Server, Infosphere Information Server Information Services Framework 2025-04-11 N/A
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2012-0703 1 Ibm 2 Infosphere Information Server, Infosphere Information Server Information Services Framework 2025-04-11 N/A
Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2012-0705 1 Ibm 2 Infosphere Information Server, Infosphere Information Server Metabrokers \& Bridges 2025-04-11 N/A
InfoSphere Import Export Manager in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 does not validate unspecified input data, which allows remote authenticated users to execute arbitrary commands via unknown vectors.
CVE-2012-0715 1 Ibm 2 Ilog Jviews Gantt, Tivoli Change And Configuration Management Database 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-3309 1 Ibm 1 Infosphere Guardium 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
CVE-2013-0580 1 Ibm 1 Infosphere Optim Data Growth For Oracle E-business Suite 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the authentication of arbitrary users.
CVE-2013-0584 1 Ibm 1 Infosphere Replication Server 2025-04-11 N/A
The Data Replication Dashboard component in IBM InfoSphere Replication Server 9.7 and 10.x before 10.2.0.0-b113 allows remote attackers to obtain a list of all user accounts, along with information about whether each account requires a password, via unspecified vectors.
CVE-2013-0585 1 Ibm 1 Infosphere Information Server 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to the (1) web console and (2) repository management user interfaces.
CVE-2013-2953 1 Ibm 1 Infosphere Optim Data Growth For Oracle E-business Suite 2025-04-11 N/A
IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
CVE-2013-2954 1 Ibm 1 Infosphere Optim Data Growth For Oracle E-business Suite 2025-04-11 N/A
The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2013-2955 1 Ibm 1 Infosphere Optim Data Growth For Oracle E-business Suite 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, related to a stored XSS issue.
CVE-2013-2956 1 Ibm 1 Infosphere Optim Data Growth For Oracle E-business Suite 2025-04-11 N/A
SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-2957 1 Ibm 1 Infosphere Optim Data Growth For Oracle E-business Suite 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2013-2959 1 Ibm 1 Infosphere Optim Data Growth For Oracle E-business Suite 2025-04-11 N/A
The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2013-2979 1 Ibm 2 Infosphere Optim Performance Manager, Optim Performance Manager 2025-04-11 N/A
Directory traversal vulnerability in IBM Optim Performance Manager 4.1.1 and IBM InfoSphere Optim Performance Manager 5.x before 5.2 allows remote authenticated users to read arbitrary files via a crafted URL.
CVE-2013-3003 1 Ibm 1 Ims Enterprise Suite 2025-04-11 N/A
Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 allows remote authenticated users to execute arbitrary commands via unknown vectors.
CVE-2013-3034 1 Ibm 1 Infosphere Information Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the web console.
CVE-2013-3040 1 Ibm 1 Infosphere Information Server 2025-04-11 N/A
IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to enumerate user accounts via a brute-force attack.