Filtered by vendor Ibm
Subscribe
Total
7403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4717 | 1 Ibm | 1 Spss Modeler | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write arbitrary file in another protected path during product installation. IBM X-Force ID: 187727. | |||||
| CVE-2020-4711 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501. | |||||
| CVE-2020-4708 | 1 Ibm | 1 Security Trusteer Pinpoint Detect | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header. IBM X-Force ID: 187371. | |||||
| CVE-2020-4707 | 1 Ibm | 1 Api Connect | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187370. | |||||
| CVE-2020-4706 | 1 Ibm | 1 Api Connect | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 187194. | |||||
| CVE-2020-4705 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190. | |||||
| CVE-2020-4704 | 1 Ibm | 1 Content Navigator | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187189. | |||||
| CVE-2020-4703 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188. | |||||
| CVE-2020-4702 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187187. | |||||
| CVE-2020-4701 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. | |||||
| CVE-2020-4700 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077. | |||||
| CVE-2020-4699 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
| IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. | |||||
| CVE-2020-4698 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186841. | |||||
| CVE-2020-4697 | 1 Ibm | 13 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 10 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790. | |||||
| CVE-2020-4696 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789. | |||||
| CVE-2020-4695 | 1 Ibm | 1 Api Connect | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality. | |||||
| CVE-2020-4693 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Operations Center, Linux Kernel and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782. | |||||
| CVE-2020-4692 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780. | |||||
| CVE-2020-4691 | 1 Ibm | 13 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 10 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698. | |||||
| CVE-2020-4690 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697. | |||||