Filtered by vendor Ibm
Subscribe
Total
7797 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5016 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary xml files on the system. This does not occur if Application security is enabled. IBM X-Force ID: 193556. | |||||
| CVE-2020-5015 | 2 Ibm, Linux | 3 Elastic Storage Server, Elastic Storage System, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Storage Server 5.3.0 through 5.3.6.2 could allow a remote attacker to cause a denial of service by sending malformed UDP requests. IBM X-Force ID: 193486. | |||||
| CVE-2020-5014 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247. | |||||
| CVE-2020-5013 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| IBM QRadar SIEM 7.3 and 7.4 may vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 193245. | |||||
| CVE-2020-5008 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033. | |||||
| CVE-2020-5004 | 1 Ibm | 9 Engineering Lifecycle Optimization - Engineering Insights, Engineering Requirements Quality Assistant On-premises, Engineering Test Management and 6 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957. | |||||
| CVE-2020-5003 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956. | |||||
| CVE-2020-5002 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. IBM X-Force ID: 192954. | |||||
| CVE-2020-5001 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953. | |||||
| CVE-2020-5000 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952. | |||||
| CVE-2020-4997 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192914 | |||||
| CVE-2020-4996 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913. | |||||
| CVE-2020-4995 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session. IBM X-Force ID: 192912. | |||||
| CVE-2020-4994 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 192906. | |||||
| CVE-2020-4993 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905. | |||||
| CVE-2020-4992 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737. | |||||
| CVE-2020-4990 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 192710. | |||||
| CVE-2020-4989 | 1 Ibm | 1 Rational Team Concert | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707. | |||||
| CVE-2020-4988 | 1 Ibm | 1 Loopback | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706. | |||||
| CVE-2020-4987 | 1 Ibm | 2 Flashsystem 900, Flashsystem 900 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||