Filtered by vendor Ibm
Subscribe
Total
7404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4929 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191706. | |||||
| CVE-2020-4928 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705. | |||||
| CVE-2020-4927 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | N/A | 5.7 MEDIUM |
| A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695. | |||||
| CVE-2020-4926 | 2 Ibm, Linux | 3 Elastic Storage System, Spectrum Scale, Linux Kernel | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600. | |||||
| CVE-2020-4925 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599. | |||||
| CVE-2020-4921 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191398. | |||||
| CVE-2020-4920 | 1 Ibm | 12 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 9 more | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396. | |||||
| CVE-2020-4919 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 5.5 MEDIUM | 3.8 LOW |
| IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395. | |||||
| CVE-2020-4918 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392. | |||||
| CVE-2020-4917 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391. | |||||
| CVE-2020-4916 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390. | |||||
| CVE-2020-4913 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288. | |||||
| CVE-2020-4912 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287. | |||||
| CVE-2020-4910 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274. | |||||
| CVE-2020-4909 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273. | |||||
| CVE-2020-4908 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks against the system. | |||||
| CVE-2020-4907 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2020-4906 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system. | |||||
| CVE-2020-4905 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an attacker could exploit this vulnerability to obtain sensitive information. | |||||
| CVE-2020-4904 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||