Filtered by vendor Ibm
Subscribe
Total
7776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4766 | 1 Ibm | 1 Mq Internet Pass-thru | 2021-01-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093. | |||||
| CVE-2020-4958 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 192209. | |||||
| CVE-2020-4968 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-01-28 | 3.3 LOW | 6.5 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427. | |||||
| CVE-2020-4966 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-01-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 192423. | |||||
| CVE-2020-4969 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-01-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2020-4688 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-01-22 | 7.2 HIGH | 7.8 HIGH |
| IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability. IBM X-Force ID: 186700. | |||||
| CVE-2020-4921 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-01-22 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191398. | |||||
| CVE-2020-4881 | 1 Ibm | 1 Planning Analytics | 2021-01-22 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 190851. | |||||
| CVE-2020-4604 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-01-15 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861. | |||||
| CVE-2020-4602 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-01-15 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836. | |||||
| CVE-2020-4600 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-01-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184832. | |||||
| CVE-2020-4599 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-01-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184824. | |||||
| CVE-2020-4838 | 1 Ibm | 1 Api Connect | 2021-01-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190036. | |||||
| CVE-2020-4674 | 1 Ibm | 1 Workload Automation | 2021-01-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287. | |||||
| CVE-2020-4673 | 1 Ibm | 1 Workload Automation | 2021-01-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286. | |||||
| CVE-2020-4869 | 1 Ibm | 1 Mq Appliance | 2021-01-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831. | |||||
| CVE-2020-5018 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2021-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654. | |||||
| CVE-2020-4892 | 1 Ibm | 1 Emptoris Contract Management | 2021-01-13 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979. | |||||
| CVE-2020-4897 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2021-01-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988. | |||||
| CVE-2020-4606 | 2 Ibm, Microsoft | 2 Security Verify Privilege Manager, Windows | 2021-01-12 | 3.6 LOW | 4.4 MEDIUM |
| IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 184883. | |||||