Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4551 | 1 Ibm | 1 I2 Analysts Notebook | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183319.
|
|||||
| CVE-2020-4550 | 1 Ibm | 1 I2 Analysts Notebook | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183318.
|
|||||
| CVE-2020-4549 | 1 Ibm | 1 I2 Analysts Notebook | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183317.
|
|||||
| CVE-2020-4548 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID: 183316.
|
|||||
| CVE-2020-4547 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.
|
|||||
| CVE-2020-4546 | 1 Ibm | 10 Doors Next, Engineering Requirements Management Doors Next, Engineering Test Management and 7 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314.
|
|||||
| CVE-2020-4545 | 1 Ibm | 1 Aspera Connect | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190.
|
|||||
| CVE-2020-4544 | 1 Ibm | 13 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 10 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189.
|
|||||
| CVE-2020-4542 | 1 Ibm | 1 Engineering Requirements Management Doors Next | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 183046.
|
|||||
| CVE-2020-4541 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183039.
|
|||||
| CVE-2020-4539 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2020-4536 | 1 Ibm | 1 Openpages Grc Platform | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182907.
|
|||||
| CVE-2020-4535 | 1 Ibm | 1 Openpages Grc Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182906.
|
|||||
| CVE-2020-4534 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808.
|
|||||
| CVE-2020-4533 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182717.
|
|||||
| CVE-2020-4532 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716.
|
|||||
| CVE-2020-4531 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715.
|
|||||
| CVE-2020-4530 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 182714.
|
|||||
| CVE-2020-4529 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 6.5 MEDIUM | 7.4 HIGH |
|
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713.
|
|||||
| CVE-2020-4528 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
|
IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-Force ID: 182658.
|
|||||
| CVE-2020-4527 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631.
|
|||||
| CVE-2020-4526 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436.
|
|||||
| CVE-2020-4525 | 1 Ibm | 2 Engineering Workflow Management, Rational Rhapsody Design Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182435.
|
|||||
| CVE-2020-4524 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.
|
|||||
| CVE-2020-4522 | 1 Ibm | 10 Doors Next, Engineering Requirements Management Doors Next, Engineering Test Management and 7 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397.
|
|||||
| CVE-2020-4521 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396.
|
|||||
| CVE-2020-4520 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395.
|
|||||
| CVE-2020-4516 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182371.
|
|||||
| CVE-2020-4513 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182368.
|
|||||
| CVE-2020-4512 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands.
|
|||||
| CVE-2020-4511 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command. IBM X-Force ID: 182366.
|
|||||
| CVE-2020-4510 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 5.5 MEDIUM | 5.5 MEDIUM |
|
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182365.
|
|||||
| CVE-2020-4509 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.5 MEDIUM | 7.6 HIGH |
|
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182364.
|
|||||
| CVE-2020-4503 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283.
|
|||||
| CVE-2020-4499 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.
|
|||||
| CVE-2020-4498 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118.
|
|||||
| CVE-2020-4497 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | N/A | 6.8 MEDIUM |
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106.
|
|||||
| CVE-2020-4496 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.
|
|||||
| CVE-2020-4495 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114.
|
|||||
| CVE-2020-4494 | 3 Ibm, Linux, Microsoft | 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.
|
|||||