Filtered by vendor Ibm
Subscribe
Total
7129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4756 | 1 Ibm | 2 Elastic Storage Server, Spectrum Scale | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599. | |||||
CVE-2020-4680 | 1 Ibm | 1 Security Guardium | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186426. | |||||
CVE-2020-4893 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984. | |||||
CVE-2020-4629 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370. | |||||
CVE-2020-4871 | 1 Ibm | 1 Planning Analytics | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834. | |||||
CVE-2020-4928 | 1 Ibm | 1 Cloud Pak System | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705. | |||||
CVE-2020-4791 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-02-28 | 1.8 LOW | 5.3 MEDIUM |
IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation. IBM X-Force ID: 189379. | |||||
CVE-2020-4816 | 1 Ibm | 1 Cloud Pak For Security | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189703. | |||||
CVE-2020-4916 | 1 Ibm | 1 Cloud Pak System | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390. | |||||
CVE-2020-4602 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836. | |||||
CVE-2020-4476 | 1 Ibm | 1 Sterling File Gateway | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778. | |||||
CVE-2020-4892 | 1 Ibm | 1 Emptoris Contract Management | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979. | |||||
CVE-2020-4491 | 1 Ibm | 1 Spectrum Scale | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991. | |||||
CVE-2020-4838 | 1 Ibm | 1 Api Connect | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190036. | |||||
CVE-2020-4531 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715. | |||||
CVE-2020-4672 | 1 Ibm | 1 Business Automation Workflow | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285. | |||||
CVE-2020-4907 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
CVE-2020-5025 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661. | |||||
CVE-2020-4829 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960. | |||||
CVE-2020-4685 | 1 Ibm | 1 Cognos Controller | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625. |