dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 220.127.116.11, 6.4 before 18.104.22.168, and 7.1 before 22.214.171.124 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file.
Directory traversal vulnerability in IBM Optim Performance Manager for DB2 126.96.36.199 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL.
The Search REST API in IBM Business Process Manager 188.8.131.52, 184.108.40.206, and 220.127.116.11 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter.
Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
IBM Maximo Asset Management 7.1 through 18.104.22.168 and 7.5.0 before 22.214.171.124 IFIX008, Maximo Asset Management 7.5.0 through 126.96.36.199 and 7.5.1 through 188.8.131.52 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 184.108.40.206 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.
Race condition in the client in IBM Tivoli Storage Manager (TSM) 220.127.116.11 through 18.104.22.168, 22.214.171.124 through 126.96.36.199, 188.8.131.52 through 184.108.40.206, 6.2 before 220.127.116.11, 6.3 before 18.104.22.168, 6.4 before 22.214.171.124, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors.
Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 126.96.36.199 before iFix007, 188.8.131.52 before iFix005, and 184.108.40.206 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page.
CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 220.127.116.11 iFix007, and 6.0.5 before 18.104.22.168 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter.
The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 22.214.171.124 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack.