Filtered by vendor Ibm
Subscribe
Search
Total
6404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4550 | 1 Ibm | 1 I2 Analysts Notebook | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183318. | |||||
| CVE-2020-4553 | 1 Ibm | 1 I2 Analysts Notebook | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183321. | |||||
| CVE-2020-4612 | 1 Ibm | 1 Data Risk Manager | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924. | |||||
| CVE-2020-4549 | 1 Ibm | 1 I2 Analysts Notebook | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183317. | |||||
| CVE-2020-4224 | 1 Ibm | 1 Storediq | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133. | |||||
| CVE-2020-4678 | 1 Ibm | 1 Security Guardium | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423. | |||||
| CVE-2020-4382 | 2 Ibm, Linux | 2 Elastic Storage Server, Linux Kernel | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. IBM X-Force ID: 179163. | |||||
| CVE-2019-4692 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829. | |||||
| CVE-2019-4614 | 4 Ibm, Linux, Microsoft and 1 more | 5 Mq, Mq Appliance, Linux Kernel and 2 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. | |||||
| CVE-2020-4491 | 1 Ibm | 1 Spectrum Scale | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991. | |||||
| CVE-2020-4650 | 1 Ibm | 1 Maximo Spatial Asset Management | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023. | |||||
| CVE-2020-4484 | 1 Ibm | 1 Urbancode Deploy | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858. | |||||
| CVE-2020-4230 | 3 Ibm, Linux, Microsoft | 4 Aix, Db2, Linux Kernel and 1 more | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212. | |||||
| CVE-2020-4724 | 1 Ibm | 1 I2 Analysts Notebook | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. | |||||
| CVE-2020-4244 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. IBM X-Force ID: 175422. | |||||
| CVE-2020-4236 | 1 Ibm | 1 Tivoli Netcool\/impact | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an authenticated user to cause a denial of service due to improper content parsing in the project management module. IBM X-Force ID: 175409. | |||||
| CVE-2020-4266 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175649. | |||||
| CVE-2020-4740 | 1 Ibm | 1 Infosphere Information Server | 2021-07-21 | 4.3 MEDIUM | 5.2 MEDIUM |
| IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 188150. | |||||
| CVE-2020-4232 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. IBM X-Force ID: 175336. | |||||
| CVE-2020-4239 | 1 Ibm | 1 Tivoli Netcool\/impact | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175412. | |||||
| CVE-2020-4534 | 1 Ibm | 1 Websphere Application Server | 2021-07-21 | 7.2 HIGH | 8.8 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808. | |||||
| CVE-2019-4640 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046. | |||||
| CVE-2020-4689 | 1 Ibm | 1 Security Guardium | 2021-07-21 | 8.5 HIGH | 6.8 MEDIUM |
| IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696. | |||||
| CVE-2020-4554 | 1 Ibm | 1 I2 Analysts Notebook | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183322. | |||||
| CVE-2019-4398 | 1 Ibm | 2 Cloud Orchestrator, Cloud Orchestrator Enterprise | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259. | |||||
| CVE-2020-4627 | 1 Ibm | 1 Cloud Pak For Security | 2021-07-21 | 9.0 HIGH | 9.0 CRITICAL |
| IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367. | |||||
| CVE-2020-4783 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214. | |||||
| CVE-2020-4284 | 1 Ibm | 1 Security Information Queue | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176207. | |||||
| CVE-2020-4626 | 1 Ibm | 1 Cloud Pak For Security | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362. | |||||
| CVE-2019-4655 | 1 Ibm | 2 Mq, Mq Appliance | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966. | |||||
| CVE-2020-4685 | 1 Ibm | 1 Cognos Controller | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625. | |||||
| CVE-2020-4261 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175644. | |||||
| CVE-2020-4265 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2021-07-21 | 6.9 MEDIUM | 7.3 HIGH |
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175648. | |||||
| CVE-2020-4918 | 1 Ibm | 1 Cloud Pak System | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392. | |||||
| CVE-2020-4913 | 1 Ibm | 1 Cloud Pak System | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288. | |||||
| CVE-2020-4348 | 1 Ibm | 1 Spectrum Scale | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414 | |||||
| CVE-2020-4905 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an attacker could exploit this vulnerability to obtain sensitive information. | |||||
| CVE-2020-4896 | 1 Ibm | 1 Emptoris Sourcing | 2021-07-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987. | |||||
| CVE-2020-4919 | 1 Ibm | 1 Cloud Pak System | 2021-07-21 | 5.5 MEDIUM | 3.8 LOW |
| IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395. | |||||
| CVE-2020-4264 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175647. | |||||
| CVE-2020-4633 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation. | |||||
| CVE-2020-4572 | 1 Ibm | 1 Security Key Lifecycle Manager | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184179. | |||||
| CVE-2020-9411 | 2 Ibm, Tibco | 2 I, Managed File Transfer Platform Server | 2021-07-21 | 9.3 HIGH | 9.8 CRITICAL |
| The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This vulnerability is exploitable when the configuration option 'Require Node Resp' is set to 'No'. In the event of a successful exploit, the attacker could theoretically read and write any file on the file system accessible to the affected component, thus fully affecting the confidentiality, integrity, and availability of the operating system hosting the deployment of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0. | |||||
| CVE-2020-5017 | 2 Ibm, Linux | 2 Spectrum Protect, Linux Kernel | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653. | |||||
| CVE-2020-4262 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175645. | |||||
| CVE-2019-4667 | 1 Ibm | 1 Urbancode Deploy | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249. | |||||
| CVE-2020-4832 | 1 Ibm | 2 Aix, Powerha | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969. | |||||
| CVE-2020-4721 | 1 Ibm | 1 I2 Analysts Notebook | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187868. | |||||
| CVE-2020-7621 | 1 Ibm | 1 Strongloop Nginx Controller | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function. | |||||
| CVE-2020-4494 | 3 Ibm, Linux, Microsoft | 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019. | |||||