Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4451 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493.
|
|||||
| CVE-2019-4450 | 1 Ibm | 1 I | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492.
|
|||||
| CVE-2019-4429 | 1 Ibm | 10 Control Desk, Maximo Anywhere, Maximo For Aviation and 7 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.
|
|||||
| CVE-2019-4428 | 1 Ibm | 1 Watson Assistant For Ibm Cloud Pak For Data | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162807.
|
|||||
| CVE-2019-4426 | 1 Ibm | 2 Business Automation Workflow, Case Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162772.
|
|||||
| CVE-2019-4410 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657.
|
|||||
| CVE-2019-4409 | 1 Hcltech | 1 Traveler | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the entered file name. If the file name is not escaped in the returned error page, it could expose a cross-site scripting (XSS) vulnerability.
|
|||||
| CVE-2019-4403 | 1 Ibm | 1 Connections | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264.
|
|||||
| CVE-2019-4388 | 1 Hcltech | 1 Appscan Source | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI.
|
|||||
| CVE-2019-4342 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421.
|
|||||
| CVE-2019-4324 | 1 Hcltech | 1 Appscan | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
|
|||||
| CVE-2019-4303 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.
|
|||||
| CVE-2019-4270 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203.
|
|||||
| CVE-2019-4258 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159946.
|
|||||
| CVE-2019-4250 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648.
|
|||||
| CVE-2019-4249 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647.
|
|||||
| CVE-2019-4238 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464.
|
|||||
| CVE-2019-4237 | 1 Ibm | 3 Infosphere Information Governance Catalog, Infosphere Information Server, Infosphere Information Server On Cloud | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419.
|
|||||
| CVE-2019-4226 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159243.
|
|||||
| CVE-2019-4211 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159131.
|
|||||
| CVE-2019-4204 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159125.
|
|||||
| CVE-2019-4186 | 1 Ibm | 1 Jazz For Service Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-force ID: 158976.
|
|||||
| CVE-2019-4184 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158974.
|
|||||
| CVE-2019-4157 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573.
|
|||||
| CVE-2019-4149 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158415.
|
|||||
| CVE-2019-4148 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158414.
|
|||||
| CVE-2019-4139 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158335.
|
|||||
| CVE-2019-4137 | 1 Ibm | 1 Spectrum Control | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158333.
|
|||||
| CVE-2019-4136 | 1 Ibm | 1 Cognos Controller | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158332.
|
|||||
| CVE-2019-4134 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281.
|
|||||
| CVE-2019-4120 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158146.
|
|||||
| CVE-2019-4115 | 1 Ibm | 1 Websphere Extreme Scale | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158113.
|
|||||
| CVE-2019-4106 | 1 Ibm | 1 Websphere Extreme Scale | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158099.
|
|||||
| CVE-2019-4098 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158020.
|
|||||
| CVE-2019-4091 | 1 Hcltech | 1 Marketing Campaign | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
"HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system. "
|
|||||
| CVE-2019-4090 | 1 Hcltech | 1 Marketing Campaign | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
"HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field."
|
|||||
| CVE-2019-4083 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383.
|
|||||
| CVE-2019-4077 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157111.
|
|||||
| CVE-2019-4076 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157110.
|
|||||
| CVE-2019-4075 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157109.
|
|||||