Filtered by vendor Ibm
Total
7403 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4849 | 1 Ibm | 1 Tivoli Netcool/impact | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 190294. | |||||
CVE-2020-4848 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293. | |||||
CVE-2020-4846 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190290. | |||||
CVE-2020-4845 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190289. | |||||
CVE-2020-4843 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048. | |||||
CVE-2020-4842 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190046. | |||||
CVE-2020-4841 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 190045. | |||||
CVE-2020-4840 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 190044. | |||||
CVE-2020-4839 | 1 Ibm | 6 8335-gca, 8335-gca Firmware, 8335-gta and 3 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 190037. | |||||
CVE-2020-4838 | 1 Ibm | 1 Api Connect | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190036. | |||||
CVE-2020-4832 | 1 Ibm | 2 Aix, Powerha | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969. | |||||
CVE-2020-4831 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965. | |||||
CVE-2020-4829 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960. | |||||
CVE-2020-4828 | 1 Ibm | 1 Api Connect | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842. | |||||
CVE-2020-4827 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841. | |||||
CVE-2020-4826 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840. | |||||
CVE-2020-4825 | 1 Ibm | 1 Api Connect | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189839. | |||||
CVE-2020-4821 | 1 Ibm | 2 Infosphere Change Data Capture, Infosphere Data Replication | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834. | |||||
CVE-2020-4820 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2020-4816 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189703. |