Filtered by vendor Ibm
Subscribe
Total
7776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4722 | 1 Ibm | 1 I2 Analysts Notebook | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187870. | |||||
| CVE-2020-4708 | 1 Ibm | 1 Security Trusteer Pinpoint Detect | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header. IBM X-Force ID: 187371. | |||||
| CVE-2020-4723 | 1 Ibm | 1 I2 Analysts Notebook | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187873. | |||||
| CVE-2019-4366 | 1 Ibm | 1 Cognos Analytics | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748. | |||||
| CVE-2020-4678 | 1 Ibm | 1 Security Guardium | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423. | |||||
| CVE-2020-4648 | 1 Ibm | 1 Planning Analytics | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. IBM X-Force ID: 186019. | |||||
| CVE-2020-4276 | 1 Ibm | 1 Websphere Application Server | 2021-07-21 | 6.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. | |||||
| CVE-2019-4446 | 1 Ibm | 19 Control Desk, Maximo Asset Configuration Manager, Maximo Asset Health Insights and 16 more | 2021-07-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490. | |||||
| CVE-2020-4611 | 1 Ibm | 1 Data Risk Manager | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922. | |||||
| CVE-2019-4713 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172084. | |||||
| CVE-2020-4260 | 1 Ibm | 1 Urbancode Deploy | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639. | |||||
| CVE-2020-4171 | 1 Ibm | 1 Security Guardium Insights | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407. | |||||
| CVE-2020-4248 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-07-21 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484. | |||||
| CVE-2020-4421 | 1 Ibm | 1 Websphere Application Server | 2021-07-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force ID: 180084. | |||||
| CVE-2021-29759 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2021-07-15 | 2.1 LOW | 2.3 LOW |
| IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212. | |||||
| CVE-2021-29730 | 1 Ibm | 1 Infosphere Information Server | 2021-07-15 | 6.5 MEDIUM | 8.8 HIGH |
| IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164. | |||||
| CVE-2021-29712 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2021-07-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 200966. | |||||
| CVE-2021-29804 | 1 Ibm | 1 Tivoli Netcool\/omnibus Gui | 2021-07-15 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204262. | |||||
| CVE-2021-29805 | 1 Ibm | 1 Tivoli Netcool\/omnibus Gui | 2021-07-15 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204263. | |||||
| CVE-2021-29822 | 1 Ibm | 1 Tivoli Netcool\/omnibus Gui | 2021-07-15 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204349. | |||||