Filtered by vendor Ibm
Subscribe
Total
7129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4240 | 1 Ibm | 1 Spectrum Protect Plus | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417. | |||||
| CVE-2020-4357 | 1 Ibm | 1 Spectrum Scale | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761. | |||||
| CVE-2019-4576 | 2 Ibm, Linux | 2 Qradar Network Packet Capture, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803. | |||||
| CVE-2020-4329 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. | |||||
| CVE-2019-4694 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171832. | |||||
| CVE-2020-4205 | 1 Ibm | 1 Datapower Gateway | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revolked. IBM X-Force ID: 174961. | |||||
| CVE-2020-4551 | 1 Ibm | 1 I2 Analysts Notebook | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183319. | |||||
| CVE-2020-4529 | 1 Ibm | 1 Maximo Asset Management | 2024-02-28 | 6.5 MEDIUM | 7.4 HIGH |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713. | |||||
| CVE-2020-4327 | 1 Ibm | 1 Security Secret Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599. | |||||
| CVE-2020-4384 | 1 Ibm | 2 Infosphere Information Server On Cloud, Infosphere Qualitystage | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179265. | |||||
| CVE-2020-4467 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181721. | |||||
| CVE-2012-3340 | 1 Ibm | 1 Infosphere Guardium | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291. | |||||
| CVE-2020-4648 | 1 Ibm | 1 Planning Analytics | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. IBM X-Force ID: 186019. | |||||
| CVE-2020-4232 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. IBM X-Force ID: 175336. | |||||
| CVE-2020-4542 | 1 Ibm | 1 Engineering Requirements Management Doors Next | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 183046. | |||||
| CVE-2020-4449 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. | |||||
| CVE-2020-4372 | 1 Ibm | 1 Verify Gateway | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009 | |||||
| CVE-2020-4223 | 1 Ibm | 1 Maximo Asset Management | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121. | |||||
| CVE-2019-4747 | 1 Ibm | 2 Engineering Workflow Management, Rational Team Concert | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887. | |||||
| CVE-2020-4257 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175635. | |||||