Filtered by vendor Ibm
Total: 193 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4695 | 1 Ibm | 1 Guardium Data Encryption | 2020-08-28 | 2.1 LOW | 3.3 LOW |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. | |||||
| CVE-2019-4699 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931. | |||||
| CVE-2020-4548 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2020-08-24 | 4.0 MEDIUM | 2.7 LOW |
| IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID: 183316. | |||||
| CVE-2019-4666 | 1 Ibm | 2 Urbancode Build, Urbancode Deploy | 2020-08-24 | 2.1 LOW | 2.3 LOW |
| IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248. | |||||
| CVE-2019-4635 | 1 Ibm | 1 Security Secret Server | 2020-08-24 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to improper input neutralization of special elements. IBM X-Force ID: 170011. | |||||
| CVE-2019-4616 | 2 Ibm, Linux | 2 Cloud Automation Manager, Linux Kernel | 2020-08-24 | 2.9 LOW | 3.5 LOW |
| IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 168644. | |||||
| CVE-2019-4465 | 1 Ibm | 1 Cloud Pak System | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774. | |||||
| CVE-2019-4395 | 1 Ibm | 1 Cloud Orchestrator | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333. | |||||
| CVE-2019-4296 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759. | |||||
| CVE-2019-4218 | 1 Ibm | 1 Security Information Queue | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 159227. | |||||
| CVE-2019-4214 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2020-08-24 | 4.3 MEDIUM | 3.7 LOW |
| IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185. | |||||
| CVE-2019-4207 | 1 Ibm | 1 Tririga Application Platform | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148. | |||||
| CVE-2019-4177 | 1 Ibm | 1 Cognos Controller | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882. | |||||
| CVE-2019-4174 | 1 Ibm | 1 Cognos Controller | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879. | |||||
| CVE-2019-4171 | 1 Ibm | 1 Cognos Controller | 2020-08-24 | 4.3 MEDIUM | 3.7 LOW |
| IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876. | |||||
| CVE-2019-4161 | 1 Ibm | 1 Security Information Queue | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 158660. | |||||
| CVE-2019-4146 | 1 Ibm | 1 Sterling B2b Integrator | 2020-08-24 | 3.5 LOW | 3.1 LOW |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to obtain sensitive document information under unusual circumstances. IBM X-Force ID: 158401. | |||||
| CVE-2019-4132 | 1 Ibm | 1 Cloud Automation Manager | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| IBM Cloud Automation Manager 3.1.2 could allow a user to be improperly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274. | |||||
| CVE-2019-4112 | 1 Ibm | 1 Websphere Extreme Scale | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105. | |||||
| CVE-2019-4054 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. IBM X-Force ID: 156563. | |||||
| CVE-2019-4048 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2020-08-24 | 2.1 LOW | 2.1 LOW |
| IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311. | |||||
| CVE-2020-4243 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2020-08-06 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens. IBM X-Force ID: 175420. | |||||
| CVE-2020-4371 | 1 Ibm | 1 Verify Gateway | 2020-07-24 | 2.1 LOW | 3.3 LOW |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used to aid a local user in further attacks against the system. IBM X-Force ID: 179008. | |||||
| CVE-2019-4706 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2020-07-02 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016. | |||||
| CVE-2016-0380 | 1 Ibm | 1 Sterling Connect\ | 2020-06-25 | 2.1 LOW | 3.3 LOW |
| IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations. | |||||
| CVE-2020-4345 | 1 Ibm | 1 I | 2020-05-18 | 1.9 LOW | 3.3 LOW |
| IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318. | |||||
| CVE-2019-4266 | 1 Ibm | 1 Maximo Anywhere | 2020-05-08 | 2.1 LOW | 2.4 LOW |
| IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160199. | |||||
| CVE-2019-4265 | 1 Ibm | 1 Maximo Anywhere | 2020-04-30 | 2.1 LOW | 2.4 LOW |
| IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198. | |||||
| CVE-2020-4197 | 1 Ibm | 1 Tivoli Netcool/omnibus | 2020-03-03 | 2.1 LOW | 2.4 LOW |
| IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174908. | |||||
| CVE-2019-4636 | 1 Ibm | 1 Security Secret Server | 2020-01-30 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013. | |||||
| CVE-2019-4638 | 1 Ibm | 1 Security Secret Server | 2020-01-30 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044. | |||||
| CVE-2016-5444 | 4 Ibm, Mariadb, Oracle and 1 more | 11 Powerkvm, Mariadb, Linux and 8 more | 2019-12-27 | 4.3 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. | |||||
| CVE-2016-3452 | 4 Ibm, Mariadb, Oracle and 1 more | 5 Powerkvm, Mariadb, Linux and 2 more | 2019-12-27 | 4.3 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. | |||||
| CVE-2019-4271 | 1 Ibm | 1 Websphere Application Server | 2019-10-09 | 3.5 LOW | 3.5 LOW |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243. | |||||
| CVE-2019-4236 | 2 Hp, Ibm | 2 Hp-ux, Spectrum Protect | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| An IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418. | |||||
| CVE-2019-4150 | 1 Ibm | 1 Security Access Manager | 2019-10-09 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510. | |||||
| CVE-2018-1842 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2019-10-09 | 3.3 LOW | 3.6 LOW |
| IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902. | |||||
| CVE-2018-1962 | 1 Ibm | 1 Security Identity Manager | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to log in to a closed browser session. IBM X-Force ID: 153658. | |||||
| CVE-2018-2005 | 1 Ibm | 1 Bigfix Platform | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007. | |||||
| CVE-2018-1804 | 1 Ibm | 1 Security Access Manager | 2019-10-09 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703. | |||||
| CVE-2018-1991 | 1 Ibm | 1 Api Connect | 2019-10-09 | 4.0 MEDIUM | 2.7 LOW |
| IBM API Connect 5.0.0.0, and 5.0.8.6 could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284. | |||||
| CVE-2018-1993 | 1 Ibm | 1 Spectrum Scale | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may cause a read operation on a file to return data from a different file. IBM X-Force ID: 154440. | |||||
| CVE-2018-1369 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2019-10-09 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 137767. | |||||
| CVE-2018-1568 | 1 Ibm | 1 Qradar Incident Forensics | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118. | |||||
| CVE-2018-1623 | 1 Ibm | 1 Security Privileged Identity Manager | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408. | |||||
| CVE-2018-1484 | 1 Ibm | 1 Bigfix Platform | 2019-10-09 | 4.3 MEDIUM | 3.7 LOW |
| IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 140969. | |||||
| CVE-2018-1505 | 1 Ibm | 1 I2 Enterprise Insight Analysis | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413. | |||||
| CVE-2017-1756 | 1 Ibm | 3 Business Process Manager, Business Process Manager Enterprise Service Bus, Websphere | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856. | |||||
| CVE-2017-1654 | 1 Ibm | 2 General Parallel File System, Spectrum Scale | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378. | |||||
| CVE-2017-1733 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914. | |||||
