CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2015-1992
https://notcve.org/view.php?id=CVE-2015-1992
23 Aug 2015 — IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 improperly processes events, which allows local users to gain privileges via unspecified vectors. Vulnerabilidad en IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0 y 6.3.6.0 procesa inadecuadamente eventos, lo que permite a usuarios locales obtener privilegios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=nas7d9a0db411a9071e986257e8c0029b365 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2014-3099
https://notcve.org/view.php?id=CVE-2014-3099
06 Dec 2014 — Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en el componente Security en IBM Systems Director 6.3.0 hasta 6.3.5 permite a usuarios locales obtener información sensible a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?rs=0&uid=nas76c9e0fe437973f6c86257d48003b00b9 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2012-2188
https://notcve.org/view.php?id=CVE-2012-2188
06 Aug 2012 — IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character. IBM Power Hardware Management Console (HMC) v7R3.5.0 anteriores a vSP4, v7R7.1.0 y 7R7.2.0 anteriores a v7R7.2.0 SP3, y 7R7.3.0 anteriores a S... • http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-2163
https://notcve.org/view.php?id=CVE-2011-2163
20 May 2011 — Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors. Vulnerabilidad no especificada en Virtualization Manager v1.2.2 en IBM Systems Director v1.2.2, tiene un impacto y vectores de ataque desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=nas7057acf6c8f05fa568625787e0059fb36 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4274
https://notcve.org/view.php?id=CVE-2010-4274
16 Nov 2010 — reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership. reset_diragent_keys en el agente Common en IBM Systems Director v6.2.0 tiene 754 de permisos, lo que permite a usuarios locales obtener privilegios aprovechando su pertenencia al grupo del sistema • http://secunia.com/advisories/42239 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 8%CPEs: 42EXPL: 0CVE-2010-1632 – HP Security Bulletin HPSBHF03655 1
https://notcve.org/view.php?id=CVE-2010-1632
22 Jun 2010 — Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrate... • http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2010-1347
https://notcve.org/view.php?id=CVE-2010-1347
12 Apr 2010 — Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users to gain privileges by executing these scripts. Director Agent v6.1 anterior a v6.1.2.3 en IBM Systems Director en AIX y Linux utiliza permisos incorrectos para las secuencias de comandos (1) diruninstall and (2) opt/ibm/director/bin/wcitinst, lo cual permite a usuarios locales conseguir privilegios mediante la e... • http://osvdb.org/63595 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 22%CPEs: 16EXPL: 2CVE-2009-0879 – IBM Director 5.20.3su2 CIM Server - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0879
12 Mar 2009 — The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. El servidor CIM en IBM Director anterior a v5.20.3 Service Update 2 sobre Windows permite a los atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un nombre largo "consumer", como se ha demostrado en una petición M-POST a una URI larga /CIMList... • https://www.exploit-db.com/exploits/8190 • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 63%CPEs: 16EXPL: 4CVE-2009-0880 – IBM System Director Agent 5.20 - CIM Server Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-0880
12 Mar 2009 — Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request. Vulnerabilidad de salto de directorio en el servidor CIM en IBM Director anteriores v5.20.3 Service Update 2 en Windows que permite a los atacantes remotos cargar y ejecutar arbitrariamente código DLL local a través .. (punto punto) en un /CIMListener/ URI en una petic... • https://www.exploit-db.com/exploits/32845 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 3%CPEs: 5EXPL: 0CVE-2007-5612
https://notcve.org/view.php?id=CVE-2007-5612
21 Nov 2007 — CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections. CIM Server en IBM Director 5.20.1 y anteriores permite a atacantes remotos provocar una denegación de servicio (consumo de CPU, agotamientos de conexiones, y caída del demonio) mediante un número grande de conexiones sin utilizar. • http://secunia.com/advisories/27752 • CWE-399: Resource Management Errors •