Vulnerabilities (CVE)

Filtered by CWE-922
Total 201 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-25776 1 Jetbrains 1 Teamcity 2024-02-28 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
CVE-2020-4906 1 Ibm 1 Financial Transaction Manager For Multiplatform 2024-02-28 2.1 LOW 3.3 LOW
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.
CVE-2020-4726 1 Ibm 1 Cloud Application Performance Management 2024-02-28 2.1 LOW 3.3 LOW
The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975.
CVE-2020-4871 1 Ibm 1 Planning Analytics 2024-02-28 2.1 LOW 5.5 MEDIUM
IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.
CVE-2020-26176 1 Tangro 1 Business Workflow 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to gather valid attachment IDs for workitems that do not belong to them.
CVE-2020-15775 1 Gradle 1 Enterprise 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously.
CVE-2020-4674 1 Ibm 1 Workload Automation 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287.
CVE-2019-19561 1 Harman 1 Hermes 2024-02-28 2.1 LOW 2.4 LOW
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information.
CVE-2021-27170 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet.
CVE-2021-28653 1 Westerndigital 1 Armorlock 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.
CVE-2020-9202 1 Huawei 1 Te Mobile 2024-02-28 2.1 LOW 4.4 MEDIUM
There is an information disclosure vulnerability in TE Mobile software versions V600R006C10,V600R006C10SPC100. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's device to launch the attack, successful exploit could cause information disclosure.
CVE-2019-4695 1 Ibm 1 Guardium Data Encryption 2024-02-28 2.1 LOW 3.3 LOW
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926.
CVE-2020-5262 1 Easybuild Project 1 Easybuild 2024-02-28 2.1 LOW 5.5 MEDIUM
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository.
CVE-2020-8482 1 Abb 1 Device Library Wizard 2024-02-28 2.1 LOW 5.5 MEDIUM
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data
CVE-2020-8481 1 Abb 1 800xa System 2024-02-28 10.0 HIGH 9.8 CRITICAL
For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer.
CVE-2020-4371 1 Ibm 1 Verify Gateway 2024-02-28 2.1 LOW 3.3 LOW
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008.
CVE-2020-7000 1 Visam 2 Vbase Editor, Vbase Web-remote 2024-02-28 5.0 MEDIUM 7.5 HIGH
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface.
CVE-2020-4344 1 Ibm 1 Tivoli Business Service Manager 2024-02-28 2.1 LOW 3.3 LOW
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247.
CVE-2020-4171 1 Ibm 1 Security Guardium Insights 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407.
CVE-2019-13717 2 Google, Opensuse 2 Chrome, Backports Sle 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.