Filtered by vendor Ibm
Subscribe
Total
7403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4642 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the "DB2 Management Service". | |||||
| CVE-2020-4640 | 1 Ibm | 1 Api Connect | 2024-11-21 | 3.8 LOW | 4.1 MEDIUM |
| Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510. | |||||
| CVE-2020-4638 | 1 Ibm | 1 Api Connect | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508. | |||||
| CVE-2020-4636 | 2 Ibm, Linux | 2 Resilient Security Orchestration Automation And Response, Linux Kernel | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503. | |||||
| CVE-2020-4635 | 2 Ibm, Redhat | 2 Soar, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames. | |||||
| CVE-2020-4633 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation. | |||||
| CVE-2020-4632 | 1 Ibm | 1 Infosphere Metadata Asset Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416. | |||||
| CVE-2020-4631 | 2 Ibm, Microsoft | 2 Spectrum Protect Plus, Windows | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM X-Force ID: 185372. | |||||
| CVE-2020-4629 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370. | |||||
| CVE-2020-4628 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 185369. | |||||
| CVE-2020-4627 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 9.0 HIGH | 9.0 CRITICAL |
| IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367. | |||||
| CVE-2020-4626 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362. | |||||
| CVE-2020-4625 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. | |||||
| CVE-2020-4624 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information. | |||||
| CVE-2020-4623 | 2 Ibm, Microsoft | 2 I2 Ibase, Windows | 2024-11-21 | 4.4 MEDIUM | 6.5 MEDIUM |
| IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 184984. | |||||
| CVE-2020-4622 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 184983. | |||||
| CVE-2020-4621 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981. | |||||
| CVE-2020-4620 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 184979. | |||||
| CVE-2020-4619 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976. | |||||
| CVE-2020-4618 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. IBM X-Force ID: 184937. | |||||