IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.
IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors.
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program.
reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership.
The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch.
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation.
IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command.
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks.
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624.
IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors.
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008.
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks.
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.
Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors.
In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404.
The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and Notes. IBM X-Force ID: 82531.
Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.
IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487.
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427.
IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 184984.
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.
The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574.
IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 168645.
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949.
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451.
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624.
IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.
IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 140969.
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via malicious JavaScript and then hijack the user session. IBM X-Force ID: 140762.
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 137776.
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950.
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411.
Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors.
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 153428.
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658.
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.
IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040.
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341.
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.