Filtered by vendor Ibm
Subscribe
Total
7378 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4349 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423. | |||||
| CVE-2020-4348 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414 | |||||
| CVE-2020-4347 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. IBM X-Force ID: 178412. | |||||
| CVE-2020-4346 | 1 Ibm | 1 Api Connect | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322. | |||||
| CVE-2020-4345 | 1 Ibm | 1 I | 2024-11-21 | 1.9 LOW | 3.3 LOW |
| IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318. | |||||
| CVE-2020-4344 | 1 Ibm | 1 Tivoli Business Service Manager | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247. | |||||
| CVE-2020-4343 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 178244. | |||||
| CVE-2020-4342 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. IBM X-Force ID: 178182. | |||||
| CVE-2020-4341 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181. | |||||
| CVE-2020-4340 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180. | |||||
| CVE-2020-4338 | 1 Ibm | 1 Mq | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937. | |||||
| CVE-2020-4337 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933. | |||||
| CVE-2020-4336 | 1 Ibm | 1 Websphere Extreme Scale | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932. | |||||
| CVE-2020-4329 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. | |||||
| CVE-2020-4328 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839. | |||||
| CVE-2020-4327 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599. | |||||
| CVE-2020-4325 | 1 Ibm | 2 Cloud Pak For Automation, Process Federation Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596. | |||||
| CVE-2020-4324 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515. | |||||
| CVE-2020-4323 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177514. | |||||
| CVE-2020-4322 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 177511. | |||||