Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-2478

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 Aug, 2005 | 04:00
Updated At-08 Aug, 2024 | 01:29
Rejected At-
Credits

Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 Aug, 2005 | 04:00
Updated At:08 Aug, 2024 | 01:29
Rejected At:
â–¼CVE Numbering Authority (CNA)

Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/12703
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3873
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/bid/11330
vdb-entry
x_refsource_BID
http://www-1.ibm.com/support/docview.wss?uid=swg21178665
x_refsource_MISC
http://secunia.com/advisories/22229
third-party-advisory
x_refsource_SECUNIA
http://securitytracker.com/id?1016975
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/archive/1/447648/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
mailing-list
x_refsource_FULLDISC
http://securitytracker.com/id?1011545
vdb-entry
x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/17600
vdb-entry
x_refsource_XF
http://www.osvdb.org/10490
vdb-entry
x_refsource_OSVDB
Hyperlink: http://secunia.com/advisories/12703
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2006/3873
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/11330
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=swg21178665
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/22229
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://securitytracker.com/id?1016975
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/archive/1/447648/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://securitytracker.com/id?1011545
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17600
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.osvdb.org/10490
Resource:
vdb-entry
x_refsource_OSVDB
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/12703
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2006/3873
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/bid/11330
vdb-entry
x_refsource_BID
x_transferred
http://www-1.ibm.com/support/docview.wss?uid=swg21178665
x_refsource_MISC
x_transferred
http://secunia.com/advisories/22229
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://securitytracker.com/id?1016975
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/archive/1/447648/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
mailing-list
x_refsource_FULLDISC
x_transferred
http://securitytracker.com/id?1011545
vdb-entry
x_refsource_SECTRACK
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/17600
vdb-entry
x_refsource_XF
x_transferred
http://www.osvdb.org/10490
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://secunia.com/advisories/12703
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/3873
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/11330
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=swg21178665
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/22229
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://securitytracker.com/id?1016975
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/447648/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://securitytracker.com/id?1011545
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17600
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.osvdb.org/10490
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:31 Dec, 2004 | 05:00
Updated At:16 Apr, 2026 | 00:27

Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
CA Technologies (Broadcom Inc.)
ca
>>unicenter_web_services_distributed_management>>Versions up to 3.1(inclusive)
cpe:2.3:a:ca:unicenter_web_services_distributed_management:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>trading_partner_interchange>>Versions up to 4.2.2(inclusive)
cpe:2.3:a:ibm:trading_partner_interchange:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>trading_partner_interchange>>4.2.1
cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>3.1.6
cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>3.1.7
cpe:2.3:a:jetty:jetty_http_server:3.1.7:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.1.0
cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.1.0_rc4
cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.1.1
cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.2.4
cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.2.5
cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.2.6
cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.2.7
cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.2.9
cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.2.11
cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.2.12
cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.2.14
cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.2.15
cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.2.16
cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.2.17
cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.2.18
cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*
jetty
jetty
>>jetty_http_server>>4.2.19
cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.htmlcve@mitre.org
N/A
http://secunia.com/advisories/12703cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/22229cve@mitre.org
Vendor Advisory
http://securitytracker.com/id?1011545cve@mitre.org
N/A
http://securitytracker.com/id?1016975cve@mitre.org
N/A
http://www-1.ibm.com/support/docview.wss?uid=swg21178665cve@mitre.org
Vendor Advisory
http://www.osvdb.org/10490cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/447648/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/11330cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2006/3873cve@mitre.org
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17600cve@mitre.org
N/A
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/12703af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/22229af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1011545af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1016975af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-1.ibm.com/support/docview.wss?uid=swg21178665af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.osvdb.org/10490af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/447648/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/11330af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2006/3873af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17600af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/12703
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22229
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1011545
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1016975
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=swg21178665
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.osvdb.org/10490
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/447648/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/11330
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/3873
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17600
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/12703
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22229
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1011545
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1016975
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=swg21178665
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.osvdb.org/10490
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/447648/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/11330
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/3873
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17600
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

259Records found
CVE-2010-1348
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.42% / 69.44%
||
7 Day CHG~0.00%
Published-12 Apr, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_portaln/a
CVE-2010-1243
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.20% / 64.21%
||
7 Day CHG~0.00%
Published-05 Apr, 2010 | 15:15
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-webin/a
CVE-2010-1632
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-22.37% / 97.38%
||
7 Day CHG~0.00%
Published-22 Jun, 2010 | 20:24
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.

Action-Not Available
Vendor-n/aIBM CorporationThe Apache Software Foundation
Product-geronimosynapseaxis2websphere_application_servertuscanyorchestration_director_enginen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1182
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.59% / 72.56%
||
7 Day CHG~0.00%
Published-29 Mar, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-zoswebsphere_application_servern/a
CVE-2010-0557
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-51.07% / 98.79%
||
7 Day CHG+0.28%
Published-05 Feb, 2010 | 22:13
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.

Action-Not Available
Vendor-n/aIBM Corporation
Product-cognos_expressn/a
CVE-2007-5090
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.93% / 77.43%
||
7 Day CHG~0.00%
Published-26 Sep, 2007 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationIBM Corporation
Product-rational_clearquestsql_serverdb2n/a
CVE-2002-0555
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.57% / 72.20%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it.

Action-Not Available
Vendor-n/aIBM Corporation
Product-informix_web_databladen/a
CVE-2009-3852
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.66% / 73.69%
||
7 Day CHG~0.00%
Published-03 Nov, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the "updated version of XML4J 4.4.17."

Action-Not Available
Vendor-n/aIBM Corporation
Product-runtimes_for_java_technologyn/a
CVE-2009-3471
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.38% / 81.69%
||
7 Day CHG~0.00%
Published-29 Sep, 2009 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2n/a
CVE-2002-0370
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-43.30% / 98.56%
||
7 Day CHG~0.00%
Published-05 Oct, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.

Action-Not Available
Vendor-verityallume_systems_divisionn/aWinZipMicrosoft CorporationIBM Corporation
Product-windows_98_plus_packwindows_mekeyview_viewing_sdklotus_noteswinzipstuffit_expanderwindows_xpn/a
CVE-2002-0541
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.00% / 89.21%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_managern/a
CVE-2009-2085
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.37% / 81.64%
||
7 Day CHG~0.00%
Published-13 Aug, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB).

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-2092
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 71.66%
||
7 Day CHG~0.00%
Published-13 Aug, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-284
Improper Access Control
CVE-2009-2088
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.35% / 81.52%
||
7 Day CHG~0.00%
Published-13 Aug, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2002-0677
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.57% / 92.95%
||
7 Day CHG~0.00%
Published-12 Jul, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.

Action-Not Available
Vendor-compaqxi_graphicsn/aHP Inc.IBM CorporationSilicon Graphics, Inc.Sun Microsystems (Oracle Corporation)The MITRE Corporation (Caldera)
Product-sunosdextopirixsolaristru64hp-uxunixwareaixopenunixn/a
CVE-2002-1012
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.34% / 87.07%
||
7 Day CHG~0.00%
Published-31 Aug, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_management_frameworkn/a
CVE-2002-1011
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.34% / 87.07%
||
7 Day CHG~0.00%
Published-31 Aug, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_management_frameworkn/a
CVE-2002-0554
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.73% / 93.11%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request.

Action-Not Available
Vendor-n/aIBM Corporation
Product-informix_web_databladen/a
CVE-2001-1557
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.19% / 64.03%
||
7 Day CHG~0.00%
Published-14 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2001-1529
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.44% / 69.88%
||
7 Day CHG~0.00%
Published-14 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2009-0903
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.16% / 79.83%
||
7 Day CHG~0.00%
Published-24 Jun, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CVE-2002-1622
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.03% / 85.78%
||
7 Day CHG~0.00%
Published-26 Mar, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attackers to execute arbitrary code, related to a "variable data type."

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2009-1521
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.66% / 73.69%
||
7 Day CHG~0.00%
Published-05 May, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage Manager (TSM) client 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.5, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17, and the TSM Express client 5.3.3.0 through 5.3.6.5, allows attackers to read or modify arbitrary files via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_manager_clienttivoli_storage_manager_expressn/a
CVE-2001-1504
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.08% / 79.08%
||
7 Day CHG~0.00%
Published-21 Jun, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_notesn/a
CVE-2001-1265
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.18% / 89.61%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack.

Action-Not Available
Vendor-n/aIBM Corporation
Product-alphaworks_tftp_servern/a
CVE-2001-1313
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.94% / 89.07%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lotus Domino R5 before R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via miscellaneous packets with semi-valid BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_domino_r5n/a
CVE-2001-1309
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.28% / 91.51%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

Action-Not Available
Vendor-n/aIBM Corporation
Product-secureway_directoryn/a
CVE-2001-1312
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.48% / 90.23%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_domino_r5n/a
CVE-2001-1311
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.04% / 93.37%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_domino_r5n/a
CVE-2001-1310
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.48% / 90.23%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite.

Action-Not Available
Vendor-n/aIBM Corporation
Product-secureway_directoryn/a
CVE-2002-0037
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.63% / 83.56%
||
7 Day CHG~0.00%
Published-12 Apr, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_domino_servern/a
CVE-2000-1138
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.16% / 63.13%
||
7 Day CHG~0.00%
Published-19 Dec, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an attacker to modify the email in transit without being detected.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_notesn/a
CVE-2009-0508
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.92% / 85.22%
||
7 Day CHG~0.00%
Published-16 Mar, 2009 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2001-0962
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.59% / 72.48%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_commerce_suitewebsphere_application_servern/a
CVE-2001-0824
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.21% / 80.28%
||
7 Day CHG~0.00%
Published-22 Nov, 2001 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CVE-2001-0319
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.10% / 93.42%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.

Action-Not Available
Vendor-n/aIBM Corporation
Product-net.commerce_hosting_serverwebsphere_commerce_suitenet.commercen/a
CVE-2001-0051
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.79% / 84.56%
||
7 Day CHG~0.00%
Published-02 Feb, 2001 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2_universal_databasen/a
CVE-2000-1168
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.92% / 77.31%
||
7 Day CHG~0.00%
Published-19 Dec, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

Action-Not Available
Vendor-n/aIBM Corporation
Product-http_servern/a
CVE-2008-5329
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.59% / 72.56%
||
7 Day CHG~0.00%
Published-05 Dec, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_clearquestn/a
CVE-2000-0891
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.99% / 85.57%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_notesn/a
CVE-1999-1574
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.03% / 85.78%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow attackers to cause a core dump and possibly execute arbitrary code via "long input strings."

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2008-3856
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.40% / 81.86%
||
7 Day CHG~0.00%
Published-28 Aug, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2_universal_databasen/a
CVE-2008-4806
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.06% / 60.26%
||
7 Day CHG~0.00%
Published-31 Oct, 2008 | 17:18
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_connectionsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-1999-1531
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.87% / 90.91%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag.

Action-Not Available
Vendor-n/aIBM Corporation
Product-homepageprintn/a
CVE-1999-0903
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.49% / 70.77%
||
7 Day CHG~0.00%
Published-18 Apr, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2008-2242
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.72% / 96.23%
||
7 Day CHG~0.00%
Published-21 May, 2008 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.

Action-Not Available
Vendor-n/aCA Technologies (Broadcom Inc.)Broadcom Inc.
Product-brightstor_arcserve_backupn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-1999-0429
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.37% / 68.41%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_notesn/a
CVE-1999-0284
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.63% / 95.49%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.

Action-Not Available
Vendor-n/aIBM CorporationMicrosoft Corporation
Product-exchange_serverlotus_domino_mail_servern/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-1999-0041
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.09% / 94.64%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in NLS (Natural Language Service).

Action-Not Available
Vendor-crayn/aIBM CorporationSlackwareGNURed Hat, Inc.
Product-linuxaixslackware_linuxunicosunicos_maxlibcn/a
CVE-1999-0057
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.25% / 94.18%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vacation program allows command execution by remote users through a sendmail command.

Action-Not Available
Vendor-eric_allmann/aHP Inc.IBM CorporationFreeBSD FoundationSun Microsystems (Oracle Corporation)
Product-sunosvvossolarisvacationfreebsdhp-uxaixn/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found