Total
35019 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4829 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 7.8 High |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960. | ||||
| CVE-2020-4795 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 8.2 High |
| IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446. | ||||
| CVE-2020-4788 | 4 Fedoraproject, Ibm, Oracle and 1 more | 8 Fedora, Aix, Power9 and 5 more | 2024-11-21 | 4.7 Medium |
| IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | ||||
| CVE-2020-4763 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | 4.3 Medium |
| IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897. | ||||
| CVE-2020-4732 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2024-11-21 | 6.5 Medium |
| IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126. | ||||
| CVE-2020-4708 | 1 Ibm | 1 Security Trusteer Pinpoint Detect | 2024-11-21 | 5.3 Medium |
| IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header. IBM X-Force ID: 187371. | ||||
| CVE-2020-4700 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 8.8 High |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077. | ||||
| CVE-2020-4692 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.5 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780. | ||||
| CVE-2020-4687 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2024-11-21 | 4.3 Medium |
| IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. IBM X-Force ID: 186679. | ||||
| CVE-2020-4686 | 1 Ibm | 21 Flashsystem V5000, Flashsystem V5000 Firmware, Flashsystem V7200 and 18 more | 2024-11-21 | 8.1 High |
| IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678. | ||||
| CVE-2020-4685 | 1 Ibm | 1 Cognos Controller | 2024-11-21 | 7.2 High |
| A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625. | ||||
| CVE-2020-4678 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 4.9 Medium |
| IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423. | ||||
| CVE-2020-4665 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | 4.3 Medium |
| IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280. | ||||
| CVE-2020-4648 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 6.5 Medium |
| A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. IBM X-Force ID: 186019. | ||||
| CVE-2020-4642 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 5.5 Medium |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the "DB2 Management Service". | ||||
| CVE-2020-4638 | 1 Ibm | 1 Api Connect | 2024-11-21 | 7.2 High |
| IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508. | ||||
| CVE-2020-4635 | 2 Ibm, Redhat | 2 Soar, Enterprise Linux | 2024-11-21 | 5.3 Medium |
| IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames. | ||||
| CVE-2020-4626 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 4.3 Medium |
| IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362. | ||||
| CVE-2020-4616 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 5.3 Medium |
| IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929. | ||||
| CVE-2020-4612 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 6.5 Medium |
| IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924. | ||||