5 matches found
CVE-2013-4024
CVE-2013-4024 affects IBM Data Studio Web Console (3.x before 3.2), Optim Performance Manager (5.x before 5.2), InfoSphere Optim Configuration Manager (2.x before 2.2), and DB2 Recovery Expert (2.x). The issue arises from the Web Console serving over HTTP, allowing remote attackers to read sessio...
CVE-2014-6154
CVE-2014-6154 is a directory-traversal vulnerability in IBM Optim Performance Manager for DB2 (versions 4.1.0.1–4.1.1) and IBM InfoSphere Optim Performance Manager for DB2 (versions 5.1–5.3.1), applicable on Linux, UNIX, and Windows. A remote attacker can obtain arbitrary file contents by supplyi...
CVE-2013-4025
CVE-2013-4025 affects IBM Data Studio Web Console (3.x before 3.2), Optim Performance Manager (5.x before 5.2), InfoSphere Optim Configuration Manager (2.x before 2.2), and DB2 Recovery Expert (2.x). The root cause is lack of an off autocomplete attribute on the login-password field, enabling an ...
CVE-2013-4022
CVE-2013-4022 affects IBM Data Studio Web Console, Optim Performance Manager, IBM InfoSphere Optim Configuration Manager, and DB2 Recovery Expert. A flaw stores unspecified authentication information in cookies, enabling remote authenticated users to bypass access restrictions via unknown vectors...
CVE-2013-2979
CVE-2013-2979 is a directory traversal vulnerability in IBM Optim Performance Manager (OPM) for DB2, affecting IBM 4.1.0–4.1.1 and 5.1–5.1.1.x. A remotely authenticated attacker could craft a URL to traverse directories and read sensitive files outside the installation directory if the server pro...