Server and office PBX configuration services and audits of existing information systems, Kemerovo
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 126.96.36.199, 6.4 before 188.8.131.52, and 7.1 before 184.108.40.206 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file.
Directory traversal vulnerability in IBM Optim Performance Manager for DB2 220.127.116.11 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL.
The Search REST API in IBM Business Process Manager 18.104.22.168, 22.214.171.124, and 126.96.36.199 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter.
Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
IBM Maximo Asset Management 7.1 through 188.8.131.52 and 7.5.0 before 184.108.40.206 IFIX008, Maximo Asset Management 7.5.0 through 220.127.116.11 and 7.5.1 through 18.104.22.168 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 22.214.171.124 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.
Race condition in the client in IBM Tivoli Storage Manager (TSM) 126.96.36.199 through 188.8.131.52, 184.108.40.206 through 220.127.116.11, 18.104.22.168 through 22.214.171.124, 6.2 before 126.96.36.199, 6.3 before 188.8.131.52, 6.4 before 184.108.40.206, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors.
Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 220.127.116.11 before iFix007, 18.104.22.168 before iFix005, and 22.214.171.124 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page.
CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 126.96.36.199 iFix007, and 6.0.5 before 188.8.131.52 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter.
The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 184.108.40.206 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack.