Filtered by vendor Ibm
Total: 8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4362 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. | | | | | |
| CVE-2020-4361 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766. | | | | | |
| CVE-2020-4360 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178765. | | | | | |
| CVE-2020-4358 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762. | | | | | |
| CVE-2020-4357 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761. | | | | | |
| CVE-2020-4355 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507. | | | | | |
| CVE-2020-4354 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506. | | | | | |
| CVE-2020-4353 | 1 Ibm | 1 Maas360 | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| IBM MaaS360 6.82 could allow a user with physical access to the device to crash the application which may enable the user to access restricted applications and device settings. IBM X-Force ID: 178505. | | | | | |
| CVE-2020-4352 | 1 Ibm | 1 Mq For Hpe Nonstop | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427. | | | | | |
| CVE-2020-4350 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424. | | | | | |
| CVE-2020-4349 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423. | | | | | |
| CVE-2020-4348 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414. | | | | | |
| CVE-2020-4347 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. IBM X-Force ID: 178412. | | | | | |
| CVE-2020-4346 | 1 Ibm | 1 Api Connect | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured API which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322. | | | | | |
| CVE-2020-4345 | 1 Ibm | 1 I | 2024-11-21 | 1.9 LOW | 3.3 LOW |
| IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318. | | | | | |
| CVE-2020-4344 | 1 Ibm | 1 Tivoli Business Service Manager | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247. | | | | | |
| CVE-2020-4343 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 178244. | | | | | |
| CVE-2020-4342 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. IBM X-Force ID: 178182. | | | | | |
| CVE-2020-4341 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181. | | | | | |
| CVE-2020-4340 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180. | | | | | |
| CVE-2020-4338 | 1 Ibm | 1 Mq | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937. | | | | | |
| CVE-2020-4337 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933. | | | | | |
| CVE-2020-4336 | 1 Ibm | 1 Websphere Extreme Scale | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932. | | | | | |
| CVE-2020-4329 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. | | | | | |
| CVE-2020-4328 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839. | | | | | |
| CVE-2020-4327 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599. | | | | | |
| CVE-2020-4325 | 1 Ibm | 2 Cloud Pak For Automation, Process Federation Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shut down the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596. | | | | | |
| CVE-2020-4324 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server prior to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515. | | | | | |
| CVE-2020-4323 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177514. | | | | | |
| CVE-2020-4322 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 177511. | | | | | |
| CVE-2020-4320 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Mq and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403. | | | | | |
| CVE-2020-4319 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
| IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402. | | | | | |
| CVE-2020-4318 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356. | | | | | |
| CVE-2020-4317 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355. | | | | | |
| CVE-2020-4315 | 1 Ibm | 1 Business Automation Content Analyzer On Cloud | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234. | | | | | |
| CVE-2020-4312 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089. | | | | | |
| CVE-2020-4311 | 1 Ibm | 1 Tivoli Monitoring | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083. | | | | | |
| CVE-2020-4310 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Mq and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081. | | | | | |
| CVE-2020-4309 | 1 Ibm | 1 Content Navigator | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080. | | | | | |
| CVE-2020-4307 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr dashboard and cause a denial of service attack. IBM X-Force ID: 176997. | | | | | |