Filtered by vendor Ibm
Subscribe
Total
7129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4465 | 1 Ibm | 1 Mq Appliance | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562. | |||||
CVE-2019-4591 | 1 Ibm | 1 Maximo Asset Management | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451. | |||||
CVE-2020-4632 | 1 Ibm | 1 Infosphere Metadata Asset Manager | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416. | |||||
CVE-2020-4193 | 1 Ibm | 1 Security Guardium | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857. | |||||
CVE-2020-4261 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175644. | |||||
CVE-2020-4297 | 1 Ibm | 2 Doors Next, Rational Doors Next Generation | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176474. | |||||
CVE-2020-4303 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176668. | |||||
CVE-2020-4238 | 1 Ibm | 1 Tivoli Netcool\/impact | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175411. | |||||
CVE-2020-4244 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. IBM X-Force ID: 175422. | |||||
CVE-2020-4245 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423. | |||||
CVE-2020-4486 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
IBM QRadar 7.2.0 thorugh 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. IBM X-Force ID: 181861. | |||||
CVE-2020-4310 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Mq and 4 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081. | |||||
CVE-2020-4378 | 1 Ibm | 1 Spectrum Scale | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. IBM X-Force ID: 179157. | |||||
CVE-2020-4445 | 1 Ibm | 10 Doors Next, Engineering Requirements Management Doors Next, Engineering Test Management and 7 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122. | |||||
CVE-2020-4243 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens. IBM X-Force ID: 175420. | |||||
CVE-2020-4463 | 1 Ibm | 1 Maximo Asset Management | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484. | |||||
CVE-2020-4262 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175645. | |||||
CVE-2020-4557 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183611. | |||||
CVE-2020-4360 | 1 Ibm | 1 Planning Analytics Local | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178765. | |||||
CVE-2020-4686 | 1 Ibm | 21 Flashsystem V5000, Flashsystem V5000 Firmware, Flashsystem V7200 and 18 more | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678. |