U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 83 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity

The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.

Published: January 03, 2012; 10:55:04 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM

The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.

Published: December 14, 2011; 10:57:35 PM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM

Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors.

Published: November 23, 2011; 11:01:06 PM -0500
V3.x:(not available)
V2.0: 3.2 LOW

Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows and AIX allows local users to gain privileges via unspecified vectors.

Published: July 17, 2011; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH

IBM Tivoli Directory Server (TDS) 5.2 before on AIX allows remote attackers to cause a denial of service (server destabilization) via an anonymous DIGEST-MD5 LDAP Bind operation.

Published: April 21, 2011; 6:55:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM

Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D 2010.11.15 and 05-10-CA (* 2) 2010.11.15; Hitachi EUR Form Service before 05-10 -/D 2010.11.15; and uCosminexus EUR Form Service before 07-60 -/D 2010.11.15 on Windows, before 05-10 -/D 2010.11.15 and 07-50 -/D 2010.11.15 on Linux, and before 07-50 -/C 2010.11.15 on AIX; allows remote attackers to execute arbitrary code via unknown attack vectors.

Published: March 23, 2011; 6:00:02 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH

IBM Lotus Quickr 8.1 before services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9.

Published: March 22, 2011; 1:55:01 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW

Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.

Published: December 30, 2010; 2:00:06 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM

Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.

Published: August 30, 2010; 4:00:04 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH

Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.

Published: July 02, 2010; 8:43:52 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM

The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small.

Published: May 27, 2010; 3:30:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM

Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.

Published: May 20, 2010; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH

Director Agent 6.1 before in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users to gain privileges by executing these scripts.

Published: April 12, 2010; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH

Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.1 on AIX allows remote attackers to modify the operating-system configuration via packets to the godm port (6177/tcp).

Published: November 06, 2009; 10:30:00 AM -0500
V3.x:(not available)
V2.0: 7.8 HIGH

Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.

Published: October 15, 2009; 6:30:01 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH

Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.

Published: August 10, 2009; 7:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH

The IBM Tivoli Storage Manager (TSM) client through on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors.

Published: May 05, 2009; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH

UCM-CQ in IBM Rational ClearCase 7.0.0.x before, 7.0.1.x before, and 7.1.x before on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process.

Published: April 14, 2009; 12:26:56 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW

Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."

Published: January 30, 2009; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH

Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163.

Published: August 29, 2008; 12:41:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM