CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 220.127.116.11 and 7.0 before 18.104.22.168 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
EMC Unisphere for VMAX 8.x before 22.214.171.124 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
IBM InfoSphere DataStage 8.1, 8.5, 8.7, 9.1, and 11.3 through 126.96.36.199 on UNIX allows local users to write to executable files, and consequently obtain root privileges, via unspecified vectors.
IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of service by using privileged access to enable a legacy boot mode.
Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users.