Filtered by vendor Ibm
Total: 7129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4693 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Operations Center, Linux Kernel and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782. | |||||
CVE-2020-4341 | 1 Ibm | 1 Security Secret Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181. | |||||
CVE-2020-4521 | 1 Ibm | 1 Maximo Asset Management | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396. | |||||
CVE-2020-4233 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 175360. | |||||
CVE-2019-4603 | 1 Ibm | 1 Rational Quality Manager | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295. | |||||
CVE-2020-4344 | 1 Ibm | 1 Tivoli Business Service Manager | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247. | |||||
CVE-2020-4195 | 1 Ibm | 1 Api Connect | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174859. | |||||
CVE-2020-4171 | 1 Ibm | 1 Security Guardium Insights | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407. | |||||
CVE-2020-4361 | 1 Ibm | 1 Planning Analytics | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766. | |||||
CVE-2020-4294 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM |
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 176404. | |||||
CVE-2020-4559 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Spectrum Protect and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due to improper validation of user-supplied input. IBM X-Force ID: 183613. | |||||
CVE-2020-4203 | 1 Ibm | 1 Datapower Gateway | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. IBM X-Force ID: 174956. | |||||
CVE-2020-4166 | 1 Ibm | 1 Security Guardium Insights | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402. | |||||
CVE-2020-4411 | 2 Ibm, Linux | 3 Aix, Spectrum Scale, Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 7.1 HIGH |
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986. | |||||
CVE-2020-4289 | 1 Ibm | 1 Security Information Queue | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 176332. | |||||
CVE-2020-4548 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID: 183316. | |||||
CVE-2020-4511 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command. IBM X-Force ID: 182366. | |||||
CVE-2019-4737 | 1 Ibm | 2 Doors Next Generation, Rational Doors Next Generation | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172707. | |||||
CVE-2020-4379 | 1 Ibm | 1 Spectrum Scale | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158. | |||||
CVE-2020-4366 | 1 Ibm | 1 Planning Analytics Local | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965. |