IBM OS/400 vulnerabilities

8 known vulnerabilities affecting ibm/os_400.

Total CVEs: 8
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 4, LOW 2

Vulnerabilities

CVE-2008-2709 | MEDIUM | CVSS 4.7 | CWE-119 | v5r4m0, v5r4m5, +1 more | 2008-06-16
Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios.
Source: nvd

CVE-2008-0694 | MEDIUM | CVSS 4.3 | CWE-79 | v5r3m0, v5r4m0 | 2008-02-12
Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.
Source: nvd

CVE-2007-3537 | HIGH | CVSS 7.8 | r520, v4r2m0, +6 more | 2007-07-03
IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules.
Source: nvd

CVE-2007-0442 | MEDIUM | CVSS 5.0 | r530, r535 | 2007-01-23
Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain.
Source: nvd

CVE-2006-6836 | CRITICAL | CVSS 10.0 | v5r3m0 | 2006-12-31
Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing.
Source: nvd

CVE-2005-1182 | MEDIUM | CVSS 5.0 | r510, r520, +1 more | 2005-05-02
Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs.
Source: nvd

CVE-2005-0899 | LOW | CVSS 2.1 | 5.2 | 2005-05-02
AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search.
Source: nvd

CVE-2002-1731 | LOW | CVSS 2.1 | PoC | v4r2, v4r3, +3 more | 2002-12-31
The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF.
Source: nvd