Total
15186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4629 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.
|
|||||
| CVE-2020-4604 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861.
|
|||||
| CVE-2020-4602 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836.
|
|||||
| CVE-2020-4600 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184832.
|
|||||
| CVE-2020-4599 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184824.
|
|||||
| CVE-2020-4598 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 184823.
|
|||||
| CVE-2020-4597 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 184822.
|
|||||
| CVE-2020-4596 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812.
|
|||||
| CVE-2020-4595 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819.
|
|||||
| CVE-2020-4594 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800.
|
|||||
| CVE-2020-4593 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184747.
|
|||||
| CVE-2020-4591 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Server, Linux Kernel and 1 more | 2024-11-21 | 1.9 LOW | 3.3 LOW |
|
IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746.
|
|||||
| CVE-2020-4578 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433.
|
|||||
| CVE-2020-4559 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Spectrum Protect and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613.
|
|||||
| CVE-2020-4548 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID: 183316.
|
|||||
| CVE-2020-4509 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.5 MEDIUM | 7.6 HIGH |
|
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182364.
|
|||||
| CVE-2020-4496 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.
|
|||||
| CVE-2020-4494 | 3 Ibm, Linux, Microsoft | 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.
|
|||||
| CVE-2020-4420 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command. IBM X-Force ID: 180076.
|
|||||
| CVE-2020-4414 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989.
|
|||||
| CVE-2020-4412 | 2 Ibm, Linux | 3 Aix, Spectrum Scale, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987.
|
|||||
| CVE-2020-4411 | 2 Ibm, Linux | 3 Aix, Spectrum Scale, Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 7.1 HIGH |
|
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986.
|
|||||
| CVE-2020-4406 | 3 Ibm, Linux, Microsoft | 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the vict ...
Show More |
|||||
| CVE-2020-4387 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269.
|
|||||
| CVE-2020-4386 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268.
|
|||||
| CVE-2020-4383 | 2 Ibm, Linux | 2 Elastic Storage Server, Linux Kernel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services. IBM X-Force ID: 179165.
|
|||||
| CVE-2020-4382 | 2 Ibm, Linux | 2 Elastic Storage Server, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. IBM X-Force ID: 179163.
|
|||||
| CVE-2020-4365 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.
|
|||||
| CVE-2020-4363 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960.
|
|||||
| CVE-2020-4355 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507.
|
|||||
| CVE-2020-4320 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Mq and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.
|
|||||
| CVE-2020-4310 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Mq and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.
|
|||||
| CVE-2020-4299 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606.
|
|||||
| CVE-2020-4294 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 176404.
|
|||||
| CVE-2020-4280 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140.
|
|||||
| CVE-2020-4274 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-ForceID: 175980.
|
|||||
| CVE-2020-4272 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-ForceID: 175898.
|
|||||
| CVE-2020-4271 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-ForceID: 175897.
|
|||||
| CVE-2020-4270 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-ForceID: 175846.
|
|||||
| CVE-2020-4269 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-ForceID: 175845.
|
|||||