Server and office PBX configuration services, audits of existing information systems, Kemerovo
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 184.108.40.206, 6.4 before 220.127.116.11, and 7.1 before 18.104.22.168 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file.
Directory traversal vulnerability in IBM Optim Performance Manager for DB2 22.214.171.124 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL.
The Search REST API in IBM Business Process Manager 126.96.36.199, 188.8.131.52, and 184.108.40.206 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter.
Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
IBM Maximo Asset Management 7.1 through 220.127.116.11 and 7.5.0 before 18.104.22.168 IFIX008, Maximo Asset Management 7.5.0 through 22.214.171.124 and 7.5.1 through 126.96.36.199 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 188.8.131.52 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.
Race condition in the client in IBM Tivoli Storage Manager (TSM) 184.108.40.206 through 220.127.116.11, 18.104.22.168 through 22.214.171.124, 126.96.36.199 through 188.8.131.52, 6.2 before 184.108.40.206, 6.3 before 220.127.116.11, 6.4 before 18.104.22.168, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors.
Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 22.214.171.124 before iFix007, 126.96.36.199 before iFix005, and 188.8.131.52 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page.
CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 184.108.40.206 iFix007, and 6.0.5 before 220.127.116.11 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter.
The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 18.104.22.168 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack.