Filtered by vendor Ibm
Subscribe
Total
7129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4671 | 1 Ibm | 1 Maximo Asset Management | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM |
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437. | |||||
CVE-2020-4338 | 1 Ibm | 1 Mq | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937. | |||||
CVE-2020-4545 | 1 Ibm | 1 Aspera Connect | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190. | |||||
CVE-2020-4413 | 1 Ibm | 1 Security Secret Server | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 179988. | |||||
CVE-2020-7621 | 1 Ibm | 1 Strongloop Nginx Controller | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function. | |||||
CVE-2019-4286 | 1 Ibm | 1 Maximo Anywhere | 2024-02-28 | 2.1 LOW | 4.3 MEDIUM |
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514. | |||||
CVE-2020-4573 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM X-Force ID: 184180. | |||||
CVE-2020-4186 | 1 Ibm | 1 Security Guardium | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804. | |||||
CVE-2020-4305 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677. | |||||
CVE-2020-4265 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-02-28 | 6.9 MEDIUM | 7.3 HIGH |
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175648. | |||||
CVE-2020-4552 | 1 Ibm | 1 I2 Analysts Notebook | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183320. | |||||
CVE-2020-4527 | 1 Ibm | 1 Planning Analytics | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631. | |||||
CVE-2020-4381 | 1 Ibm | 1 Elastic Storage Server | 2024-02-28 | 3.5 LOW | 6.5 MEDIUM |
IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 could allow an authenticated user to cause a denial of service during deployment or upgrade if GUI specific services are enabled. IBM X-Force ID: 179162. | |||||
CVE-2020-4259 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638. | |||||
CVE-2020-4522 | 1 Ibm | 10 Doors Next, Engineering Requirements Management Doors Next, Engineering Test Management and 7 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397. | |||||
CVE-2019-4668 | 1 Ibm | 1 Urbancode Deploy | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171250. | |||||
CVE-2020-4459 | 1 Ibm | 1 Security Secret Server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 181395. | |||||
CVE-2020-4199 | 1 Ibm | 1 Tivoli Netcool\/omnibus | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910. | |||||
CVE-2019-4699 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931. | |||||
CVE-2020-4432 | 1 Ibm | 10 Aspera Application Platform On Demand, Aspera Faspex On Demand, Aspera High-speed Transfer Endpoint and 7 more | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810. |