Total
7426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4957 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208. | |||||
| CVE-2020-4953 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029. | |||||
| CVE-2020-4951 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information. | |||||
| CVE-2020-4913 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288. | |||||
| CVE-2020-4908 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks against the system. | |||||
| CVE-2020-4815 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system. | |||||
| CVE-2020-4649 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022. | |||||
| CVE-2020-4640 | 1 Ibm | 1 Api Connect | 2024-11-21 | 3.8 LOW | 4.1 MEDIUM |
| Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510. | |||||
| CVE-2020-4565 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935. | |||||
| CVE-2020-4361 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766. | |||||
| CVE-2020-4338 | 1 Ibm | 1 Mq | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937. | |||||
| CVE-2020-4336 | 1 Ibm | 1 Websphere Extreme Scale | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932. | |||||
| CVE-2020-4309 | 1 Ibm | 1 Content Navigator | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080. | |||||
| CVE-2020-4226 | 1 Ibm | 1 Mobilefirst Platform Foundation | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207. | |||||
| CVE-2020-4186 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804. | |||||
| CVE-2020-4172 | 1 Ibm | 1 Security Guardium Insights | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408. | |||||
| CVE-2020-4159 | 1 Ibm | 1 Qradar Network Security | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system. IBM X-Force ID: 174339. | |||||
| CVE-2020-4079 | 1 Combodo | 1 Itop | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which they should not have access to. This is fixed in versions 2.7.2 and 3.0.0. | |||||
| CVE-2020-4045 | 1 Scuttlebutt | 1 Ssb-db | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SSB-DB version 20.0.0 has an information disclosure vulnerability. The get() method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of private messages, which a malicious peer could use to get access to private data. This only affects peers running SSB-DB@20.0.0 who also have private messages, and is only known to be exploitable if you're also running SSB-OOO (default in SSB-Server), which exposes a thin wrapper around get() to anonymous peers. This is fixed in version 20.0.1. Note that users of SSB-Server verion 16.0.0 should upgrade to 16.0.1 to get the fixed version of SSB-DB. | |||||
| CVE-2020-3800 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory address leak vulnerability. Successful exploitation could lead to information disclosure . | |||||