Filtered by vendor Ibm
Subscribe
Total
7403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4689 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 8.5 HIGH | 6.8 MEDIUM |
| IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696. | |||||
| CVE-2020-4688 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability. IBM X-Force ID: 186700. | |||||
| CVE-2020-4687 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. IBM X-Force ID: 186679. | |||||
| CVE-2020-4686 | 1 Ibm | 21 Flashsystem V5000, Flashsystem V5000 Firmware, Flashsystem V7200 and 18 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678. | |||||
| CVE-2020-4685 | 1 Ibm | 1 Cognos Controller | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625. | |||||
| CVE-2020-4682 | 1 Ibm | 3 Mq, Mq Appliance, Websphere Mq | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509. | |||||
| CVE-2020-4681 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186427. | |||||
| CVE-2020-4680 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186426. | |||||
| CVE-2020-4679 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186424. | |||||
| CVE-2020-4678 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423. | |||||
| CVE-2020-4675 | 4 Ibm, Linux, Microsoft and 1 more | 6 Aix, Infosphere Master Data Management Server, Linux On Ibm Z and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324. | |||||
| CVE-2020-4674 | 1 Ibm | 1 Workload Automation | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287. | |||||
| CVE-2020-4673 | 1 Ibm | 1 Workload Automation | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286. | |||||
| CVE-2020-4672 | 1 Ibm | 1 Business Automation Workflow | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285. | |||||
| CVE-2020-4671 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284. | |||||
| CVE-2020-4670 | 1 Ibm | 2 Planning Analytics Cloud, Planning Analytics Local | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401. | |||||
| CVE-2020-4669 | 1 Ibm | 2 Planning Analytics Cloud, Planning Analytics Local | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600. | |||||
| CVE-2020-4668 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283. | |||||
| CVE-2020-4667 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282. | |||||
| CVE-2020-4666 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186281. | |||||