Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4887 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911.
|
|||||
| CVE-2020-4886 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.
|
|||||
| CVE-2020-4885 | 2 Ibm, Linux | 3 Aix, Db2, Linux Kernel | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909.
|
|||||
| CVE-2020-4884 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.
|
|||||
| CVE-2020-4883 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about other domains which could be used in further attacks against the system. IBM X-Force ID: 190907.
|
|||||
| CVE-2020-4882 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852.
|
|||||
| CVE-2020-4881 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 190851.
|
|||||
| CVE-2020-4879 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.
|
|||||
| CVE-2020-4877 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.
|
|||||
| CVE-2020-4876 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
|
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839.
|
|||||
| CVE-2020-4875 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
|
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838.
|
|||||
| CVE-2020-4873 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836.
|
|||||
| CVE-2020-4871 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.
|
|||||
| CVE-2020-4870 | 4 Ibm, Linux, Microsoft and 1 more | 7 Aix, I, Linux On Ibm Z and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833.
|
|||||
| CVE-2020-4869 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831.
|
|||||
| CVE-2020-4868 | 1 Ibm | 1 Tririga Application Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744.
|
|||||
| CVE-2020-4866 | 1 Ibm | 9 Doors Next, Engineering Lifecycle Management, Engineering Requirements Quality Assistant On-premises and 6 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742.
|
|||||
| CVE-2020-4865 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.
|
|||||
| CVE-2020-4864 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
|
IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address. IBM X-Force ID: 190567.
|
|||||
| CVE-2020-4863 | 1 Ibm | 9 Doors Next, Engineering Lifecycle Management, Engineering Requirements Quality Assistant On-premises and 6 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566.
|
|||||
| CVE-2020-4857 | 1 Ibm | 9 Doors Next, Engineering Lifecycle Management, Engineering Requirements Quality Assistant On-premises and 6 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460.
|
|||||
| CVE-2020-4856 | 1 Ibm | 9 Doors Next, Engineering Lifecycle Management, Engineering Requirements Quality Assistant On-premises and 6 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459.
|
|||||
| CVE-2020-4855 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.
|
|||||
| CVE-2020-4854 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454.
|
|||||
| CVE-2020-4851 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450.
|
|||||
| CVE-2020-4850 | 1 Ibm | 1 Gpfs.tct.server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote attacker to obtain sensitive information, caused by the leftover files after configuration. IBM X-Force ID: 190298.
|
|||||
| CVE-2020-4849 | 1 Ibm | 1 Tivoli Netcool\/impact | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 190294.
|
|||||
| CVE-2020-4848 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293.
|
|||||
| CVE-2020-4846 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190290.
|
|||||
| CVE-2020-4845 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190289.
|
|||||
| CVE-2020-4843 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048.
|
|||||
| CVE-2020-4842 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190046.
|
|||||
| CVE-2020-4841 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 190045.
|
|||||
| CVE-2020-4840 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 190044.
|
|||||
| CVE-2020-4839 | 1 Ibm | 6 8335-gca, 8335-gca Firmware, 8335-gta and 3 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 190037.
|
|||||
| CVE-2020-4838 | 1 Ibm | 1 Api Connect | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190036.
|
|||||
| CVE-2020-4832 | 1 Ibm | 2 Aix, Powerha | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969.
|
|||||
| CVE-2020-4831 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965.
|
|||||
| CVE-2020-4829 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.
|
|||||
| CVE-2020-4828 | 1 Ibm | 1 Api Connect | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842.
|
|||||