Filtered by vendor Ibm
Subscriptions
Total
7787 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-4147 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | 7.2 High |
| IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413. | ||||
| CVE-2019-4146 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 3.1 Low |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to obtain sensitive document information under unusual circumstances. IBM X-Force ID: 158401. | ||||
| CVE-2019-4145 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | 7.1 High |
| IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400. | ||||
| CVE-2019-4143 | 1 Ibm | 1 Cloud Private | 2024-11-21 | N/A |
| The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348. | ||||
| CVE-2019-4142 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 8.8 High |
| IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338. | ||||
| CVE-2019-4141 | 1 Ibm | 2 Websphere Mq, Websphere Mq Appliance | 2024-11-21 | 6.5 Medium |
| IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337. | ||||
| CVE-2019-4140 | 1 Ibm | 1 Spectrum Protect | 2024-11-21 | 7.1 High |
| IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336. | ||||
| CVE-2019-4139 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | N/A |
| IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158335. | ||||
| CVE-2019-4138 | 1 Ibm | 1 Spectrum Control | 2024-11-21 | N/A |
| IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 158334. | ||||
| CVE-2019-4137 | 1 Ibm | 1 Spectrum Control | 2024-11-21 | N/A |
| IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158333. | ||||
| CVE-2019-4136 | 1 Ibm | 1 Cognos Controller | 2024-11-21 | 5.4 Medium |
| IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158332. | ||||
| CVE-2019-4135 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | 8.8 High |
| IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331. | ||||
| CVE-2019-4134 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 6.1 Medium |
| IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281. | ||||
| CVE-2019-4133 | 1 Ibm | 1 Cloud Automation Manager | 2024-11-21 | 5.2 Medium |
| IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278. | ||||
| CVE-2019-4132 | 1 Ibm | 1 Cloud Automation Manager | 2024-11-21 | 3.3 Low |
| IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274. | ||||
| CVE-2019-4131 | 1 Ibm | 1 Cloud Application Performance Management | 2024-11-21 | 5.3 Medium |
| IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270. | ||||
| CVE-2019-4130 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 8.8 High |
| IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280. | ||||
| CVE-2019-4129 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-11-21 | 5.3 Medium |
| IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279. | ||||
| CVE-2019-4120 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 5.4 Medium |
| IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158146. | ||||
| CVE-2019-4119 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 5.3 Medium |
| IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145. | ||||