Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:/o:ibm:z/os:2.3
There are 8 matching records.
Displaying matches 1 through 8.
Vuln ID Summary CVSS Severity

The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before on z/OS; 6.1 and 6.2 before on Windows, before on AIX and Linux x86, and before on Linux Z and Solaris; 6.3 before on AIX, before on Windows, and before on Linux; 6.4 before; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors.

Published: February 13, 2015; 9:59:01 PM -0500
V3.x:(not available)
V2.0: 1.9 LOW

The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

Published: January 02, 2014; 9:59:03 AM -0500
V3.x:(not available)
V2.0: 8.5 HIGH

Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level.

Published: December 26, 2012; 1:55:01 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH

IBM WebSphere Application Server (WAS) 6.0.x through, 6.1.x before, and 7.0.x before on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors.

Published: April 13, 2011; 10:55:01 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM

mod_ibm_ssl in IBM HTTP Server 6.0 before, 6.1 before, and 7.0 before, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload.

Published: June 18, 2010; 2:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM

IBM WebSphere Application Server (WAS) 6.1.x before and 7.0.x before, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.

Published: May 03, 2010; 9:51:52 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW

Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before, and 6.1 before on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: March 09, 2009; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks.

Published: February 25, 2009; 11:30:00 AM -0500
V3.x:(not available)
V2.0: 6.2 MEDIUM