National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:ibm:aix:6.1
There are 138 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2018-1655

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.

Published: June 22, 2018; 10:29:00 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2018-1383

A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117.

Published: February 13, 2018; 03:29:00 PM -05:00
V3.0: 9.1 CRITICAL
    V2: 9.0 HIGH
CVE-2017-1692

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067.

Published: February 07, 2018; 12:29:01 PM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2017-1541

A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809.

Published: October 03, 2017; 09:29:03 PM -04:00
V3.0: 7.3 HIGH
    V2: 7.5 HIGH
CVE-2016-8972

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.

Published: February 15, 2017; 02:59:01 PM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2016-6079

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.

Published: February 15, 2017; 02:59:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2017-1093

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.

Published: February 02, 2017; 05:59:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2016-8977

IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.

Published: February 01, 2017; 05:59:01 PM -05:00
V3.0: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2016-8963

IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.

Published: February 01, 2017; 05:59:00 PM -05:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2016-8967

IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.

Published: February 01, 2017; 04:59:00 PM -05:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2016-0371

The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.

Published: February 01, 2017; 04:59:00 PM -05:00
V3.0: 4.7 MEDIUM
    V2: 1.9 LOW
CVE-2016-8981

IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.

Published: February 01, 2017; 03:59:03 PM -05:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2016-8980

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.

Published: February 01, 2017; 03:59:03 PM -05:00
V3.0: 8.1 HIGH
    V2: 7.5 HIGH
CVE-2016-8966

IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Published: February 01, 2017; 03:59:03 PM -05:00
V3.0: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-8961

IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Published: February 01, 2017; 03:59:03 PM -05:00
V3.0: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2016-5985

The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash.

Published: February 01, 2017; 03:59:01 PM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2016-3053

IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.

Published: February 01, 2017; 03:59:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2016-9795

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.

Published: January 27, 2017; 05:59:02 PM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2016-10086

RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.

Published: January 18, 2017; 05:59:00 PM -05:00
V3.0: 8.1 HIGH
    V2: 5.5 MEDIUM
CVE-2016-5995

Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.

Published: September 30, 2016; 09:59:08 PM -04:00
V3.0: 7.3 HIGH
    V2: 6.9 MEDIUM