Filtered by vendor Ibm
Subscribe
Total
7129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4968 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427. | |||||
CVE-2020-4673 | 1 Ibm | 1 Workload Automation | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286. | |||||
CVE-2021-20341 | 1 Ibm | 1 Cloud Pak For Multicloud Management Monitoring | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513. | |||||
CVE-2020-4864 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2024-02-28 | 3.3 LOW | 4.3 MEDIUM |
IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address. IBM X-Force ID: 190567. | |||||
CVE-2019-4563 | 1 Ibm | 1 Security Directory Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624. | |||||
CVE-2020-4890 | 1 Ibm | 1 Spectrum Scale | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973. | |||||
CVE-2021-20405 | 1 Ibm | 1 Security Verify Information Queue | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183. | |||||
CVE-2020-4621 | 1 Ibm | 1 Data Risk Manager | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981. | |||||
CVE-2020-4704 | 1 Ibm | 1 Content Navigator | 2024-02-28 | 4.3 MEDIUM | 5.4 MEDIUM |
IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187189. | |||||
CVE-2020-4566 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083. | |||||
CVE-2020-4931 | 1 Ibm | 1 Mq | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. | |||||
CVE-2020-4650 | 1 Ibm | 1 Maximo Spatial Asset Management | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023. | |||||
CVE-2020-4581 | 1 Ibm | 1 Datapower Gateway | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441. | |||||
CVE-2020-4576 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 184428. | |||||
CVE-2020-4757 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2024-02-28 | 3.5 LOW | 6.4 MEDIUM |
IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600. | |||||
CVE-2020-4747 | 1 Ibm | 1 Connect\ | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. IBM X-Force ID: 188516. | |||||
CVE-2020-4475 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
CVE-2020-4528 | 1 Ibm | 1 Datapower Gateway | 2024-02-28 | 1.9 LOW | 5.5 MEDIUM |
IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-Force ID: 182658. | |||||
CVE-2020-4865 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741. | |||||
CVE-2020-4782 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. |