Filtered by vendor Ibm
Subscribe
Total
7378 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4682 | 1 Ibm | 3 Mq, Mq Appliance, Websphere Mq | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509. | |||||
| CVE-2020-4681 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186427. | |||||
| CVE-2020-4680 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186426. | |||||
| CVE-2020-4679 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186424. | |||||
| CVE-2020-4678 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423. | |||||
| CVE-2020-4675 | 4 Ibm, Linux, Microsoft and 1 more | 6 Aix, Infosphere Master Data Management Server, Linux On Ibm Z and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324. | |||||
| CVE-2020-4674 | 1 Ibm | 1 Workload Automation | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287. | |||||
| CVE-2020-4673 | 1 Ibm | 1 Workload Automation | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286. | |||||
| CVE-2020-4672 | 1 Ibm | 1 Business Automation Workflow | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285. | |||||
| CVE-2020-4671 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284. | |||||
| CVE-2020-4670 | 1 Ibm | 2 Planning Analytics Cloud, Planning Analytics Local | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401. | |||||
| CVE-2020-4669 | 1 Ibm | 2 Planning Analytics Cloud, Planning Analytics Local | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600. | |||||
| CVE-2020-4668 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283. | |||||
| CVE-2020-4667 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282. | |||||
| CVE-2020-4666 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186281. | |||||
| CVE-2020-4665 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280. | |||||
| CVE-2020-4664 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186235. | |||||
| CVE-2020-4663 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186234. | |||||
| CVE-2020-4662 | 1 Ibm | 1 Event Streams | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. IBM X-Force ID: 186233. | |||||
| CVE-2020-4661 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
| IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. | |||||