Filtered by vendor Ibm
Subscribe
Total
7129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4643 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590. | |||||
| CVE-2020-4975 | 1 Ibm | 9 Doors Next, Engineering Lifecycle Management, Engineering Requirements Quality Assistant On-premises and 6 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435. | |||||
| CVE-2020-4731 | 1 Ibm | 1 Aspera Shares | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055. | |||||
| CVE-2020-4778 | 1 Ibm | 1 Curam Social Program Management | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156. | |||||
| CVE-2021-20411 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-02-28 | 4.8 MEDIUM | 8.1 HIGH |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191. | |||||
| CVE-2020-4483 | 1 Ibm | 1 Urbancode Deploy | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857. | |||||
| CVE-2021-20412 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192. | |||||
| CVE-2020-4724 | 1 Ibm | 1 I2 Analysts Notebook | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. | |||||
| CVE-2019-4728 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452. | |||||
| CVE-2020-4919 | 1 Ibm | 1 Cloud Pak System | 2024-02-28 | 5.5 MEDIUM | 3.8 LOW |
| IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395. | |||||
| CVE-2020-4484 | 1 Ibm | 1 Urbancode Deploy | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858. | |||||
| CVE-2020-4774 | 1 Ibm | 1 Curam Social Program Management | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152. | |||||
| CVE-2020-4697 | 1 Ibm | 13 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 10 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790. | |||||
| CVE-2020-4845 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190289. | |||||
| CVE-2020-4869 | 1 Ibm | 1 Mq Appliance | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831. | |||||
| CVE-2020-4790 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. IBM X-Force ID: 189375. | |||||
| CVE-2020-4280 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140. | |||||
| CVE-2020-4795 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446. | |||||
| CVE-2020-4840 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 190044. | |||||
| CVE-2020-4910 | 1 Ibm | 1 Cloud Pak System | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
| IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274. | |||||