Total
32250 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4556 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | N/A | 4.0 MEDIUM |
| IBM Financial Transaction Manager for High Value Payments for Multi-Platform 3.2.0 through 3.2.10 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 183329. | |||||
| CVE-2020-4534 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808. | |||||
| CVE-2020-4528 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-Force ID: 182658. | |||||
| CVE-2020-4511 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command. IBM X-Force ID: 182366. | |||||
| CVE-2020-4499 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. | |||||
| CVE-2020-4493 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995. | |||||
| CVE-2020-4491 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991. | |||||
| CVE-2020-4486 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| IBM QRadar 7.2.0 thorugh 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. IBM X-Force ID: 181861. | |||||
| CVE-2020-4485 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to disable the Wincollect service which could aid an attacker in bypassing security mechanisms in future attacks. IBM X-Force ID: 181860. | |||||
| CVE-2020-4484 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858. | |||||
| CVE-2020-4482 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856. | |||||
| CVE-2020-4476 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778. | |||||
| CVE-2020-4475 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2020-4466 | 1 Ibm | 1 Mq For Hpe Nonstop | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563. | |||||
| CVE-2020-4461 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481. | |||||
| CVE-2020-4414 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989. | |||||
| CVE-2020-4412 | 2 Ibm, Linux | 3 Aix, Spectrum Scale, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987. | |||||
| CVE-2020-4410 | 1 Ibm | 2 Engineering Test Management, Rational Rhapsody Design Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539. | |||||
| CVE-2020-4399 | 1 Ibm | 1 Verify Gateway | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476. | |||||
| CVE-2020-4383 | 2 Ibm, Linux | 2 Elastic Storage Server, Linux Kernel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services. IBM X-Force ID: 179165. | |||||