Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4306 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735.
|
|||||
| CVE-2020-4305 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677.
|
|||||
| CVE-2020-4304 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176670.
|
|||||
| CVE-2020-4303 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176668.
|
|||||
| CVE-2020-4302 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610.
|
|||||
| CVE-2020-4301 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | N/A | 6.5 MEDIUM |
|
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.
|
|||||
| CVE-2020-4300 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
|
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607.
|
|||||
| CVE-2020-4299 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606.
|
|||||
| CVE-2020-4298 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176475.
|
|||||
| CVE-2020-4297 | 1 Ibm | 2 Doors Next, Rational Doors Next Generation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176474.
|
|||||
| CVE-2020-4295 | 1 Ibm | 2 Doors Next, Rational Doors Next Generation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176408.
|
|||||
| CVE-2020-4294 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 176404.
|
|||||
| CVE-2020-4292 | 1 Ibm | 1 Security Information Queue | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 uses a cross-domain policy file that includes domains that should not be trusted which could disclose sensitive information. IBM X-Force ID: 176335.
|
|||||
| CVE-2020-4291 | 1 Ibm | 1 Security Information Queue | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176334.
|
|||||
| CVE-2020-4290 | 1 Ibm | 1 Security Information Queue | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any authenticated user to spoof the configuration owner of any other user which disclose sensitive information or allow for unauthorized access. IBM X-Force ID: 176333.
|
|||||
| CVE-2020-4289 | 1 Ibm | 1 Security Information Queue | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 176332.
|
|||||
| CVE-2020-4288 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176270.
|
|||||
| CVE-2020-4287 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176269.
|
|||||
| CVE-2020-4286 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268.
|
|||||
| CVE-2020-4285 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176266
|
|||||
| CVE-2020-4284 | 1 Ibm | 1 Security Information Queue | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176207.
|
|||||
| CVE-2020-4283 | 1 Ibm | 1 Security Information Queue | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
|
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 176206.
|
|||||
| CVE-2020-4282 | 1 Ibm | 1 Security Information Queue | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an authenticated user to perform unauthorized actions by bypassing illegal character restrictions. X-Force ID: 176205.
|
|||||
| CVE-2020-4281 | 1 Ibm | 2 Doors Next, Rational Doors Next Generation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176141.
|
|||||
| CVE-2020-4280 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140.
|
|||||
| CVE-2020-4278 | 1 Ibm | 3 Platform Lsf, Spectrum Computing For High Performance Analytics, Spectrum Lsf | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. IBM X-Force ID: 176137.
|
|||||
| CVE-2020-4277 | 1 Ibm | 1 Tririga Application Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker formulate future attacks. IBM X-Force ID: 175993.
|
|||||
| CVE-2020-4276 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.
|
|||||
| CVE-2020-4274 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-ForceID: 175980.
|
|||||
| CVE-2020-4273 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977.
|
|||||
| CVE-2020-4272 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-ForceID: 175898.
|
|||||
| CVE-2020-4271 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-ForceID: 175897.
|
|||||
| CVE-2020-4270 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-ForceID: 175846.
|
|||||
| CVE-2020-4269 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-ForceID: 175845.
|
|||||
| CVE-2020-4268 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 175841.
|
|||||
| CVE-2020-4267 | 1 Ibm | 2 Mq, Mq Appliance | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840.
|
|||||
| CVE-2020-4266 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175649.
|
|||||
| CVE-2020-4265 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175648.
|
|||||
| CVE-2020-4264 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175647.
|
|||||
| CVE-2020-4263 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175646.
|
|||||