Filtered by vendor Ibm
Subscriptions
Total
7829 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4686 | 1 Ibm | 21 Flashsystem V5000, Flashsystem V5000 Firmware, Flashsystem V7200 and 18 more | 2024-11-21 | 8.1 High |
| IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678. | ||||
| CVE-2020-4685 | 1 Ibm | 1 Cognos Controller | 2024-11-21 | 7.2 High |
| A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625. | ||||
| CVE-2020-4682 | 1 Ibm | 3 Mq, Mq Appliance, Websphere Mq | 2024-11-21 | 9.8 Critical |
| IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509. | ||||
| CVE-2020-4681 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 5.4 Medium |
| IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186427. | ||||
| CVE-2020-4680 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 5.4 Medium |
| IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186426. | ||||
| CVE-2020-4679 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 4.8 Medium |
| IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186424. | ||||
| CVE-2020-4678 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 4.9 Medium |
| IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423. | ||||
| CVE-2020-4675 | 4 Ibm, Linux, Microsoft and 1 more | 6 Aix, Infosphere Master Data Management Server, Linux On Ibm Z and 3 more | 2024-11-21 | 6.5 Medium |
| IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324. | ||||
| CVE-2020-4674 | 1 Ibm | 1 Workload Automation | 2024-11-21 | 4.3 Medium |
| IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287. | ||||
| CVE-2020-4673 | 1 Ibm | 1 Workload Automation | 2024-11-21 | 4.3 Medium |
| IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286. | ||||
| CVE-2020-4672 | 1 Ibm | 1 Business Automation Workflow | 2024-11-21 | 5.4 Medium |
| IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285. | ||||
| CVE-2020-4671 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.5 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284. | ||||
| CVE-2020-4670 | 1 Ibm | 2 Planning Analytics Cloud, Planning Analytics Local | 2024-11-21 | 9.1 Critical |
| IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401. | ||||
| CVE-2020-4669 | 1 Ibm | 2 Planning Analytics Cloud, Planning Analytics Local | 2024-11-21 | 9.1 Critical |
| IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600. | ||||
| CVE-2020-4668 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2024-11-21 | 8.8 High |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283. | ||||
| CVE-2020-4667 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-11-21 | 4.3 Medium |
| IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282. | ||||
| CVE-2020-4666 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-11-21 | 5.4 Medium |
| IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186281. | ||||
| CVE-2020-4665 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | 4.3 Medium |
| IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280. | ||||
| CVE-2020-4664 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-11-21 | 5.4 Medium |
| IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186235. | ||||
| CVE-2020-4663 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-11-21 | 5.4 Medium |
| IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186234. | ||||