Filtered by vendor Ibm
Subscribe
Total
7129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4216 | 1 Ibm | 1 Spectrum Protect Plus | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066. | |||||
CVE-2020-4415 | 1 Ibm | 1 Spectrum Protect | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. IBM X-Force ID: 179990. | |||||
CVE-2020-4288 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176270. | |||||
CVE-2020-4430 | 1 Ibm | 1 Data Risk Manager | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. | |||||
CVE-2019-4705 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015. | |||||
CVE-2020-4164 | 1 Ibm | 1 Security Information Queue | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system. IBM X-Force ID: 174400. | |||||
CVE-2020-4387 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269. | |||||
CVE-2020-4422 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 180167. | |||||
CVE-2020-4248 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484. | |||||
CVE-2019-4656 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Mq and 5 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. | |||||
CVE-2020-4318 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356. | |||||
CVE-2020-4151 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attacker to perform unauthorized actions due to improper input validation. IBM X-Force ID: 174201. | |||||
CVE-2018-1985 | 2 Apple, Ibm | 2 Macos, Security Rapport | 2024-02-28 | 4.9 MEDIUM | 4.4 MEDIUM |
IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207. | |||||
CVE-2020-4229 | 1 Ibm | 1 Mobile Foundation | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. IBM X-Force ID: 175211. | |||||
CVE-2019-4676 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512. | |||||
CVE-2020-4434 | 1 Ibm | 10 Aspera Application Platform On Demand, Aspera Faspex On Demand, Aspera High-speed Transfer Endpoint and 7 more | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900. | |||||
CVE-2019-4594 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-ForceID: 167810. | |||||
CVE-2020-4385 | 1 Ibm | 1 Verify Gateway | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266. | |||||
CVE-2020-4375 | 1 Ibm | 1 Mq Appliance | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080. | |||||
CVE-2019-4667 | 1 Ibm | 1 Urbancode Deploy | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249. |