Filtered by vendor Ibm
Subscribe
Search
Total
6404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5023 | 1 Ibm | 1 Spectrum Protect Plus | 2021-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659. | |||||
| CVE-2020-4790 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-02-11 | 3.3 LOW | 6.5 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. IBM X-Force ID: 189375. | |||||
| CVE-2020-4995 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session. IBM X-Force ID: 192912. | |||||
| CVE-2020-4996 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-02-11 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913. | |||||
| CVE-2021-20358 | 1 Ibm | 1 Cloud Pak For Automation | 2021-02-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965. | |||||
| CVE-2021-20359 | 1 Ibm | 1 Cloud Pak For Automation | 2021-02-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966. | |||||
| CVE-2020-4640 | 1 Ibm | 1 Api Connect | 2021-02-04 | 3.8 LOW | 4.1 MEDIUM |
| Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510. | |||||
| CVE-2020-4828 | 1 Ibm | 1 Api Connect | 2021-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842. | |||||
| CVE-2020-4827 | 1 Ibm | 1 Api Connect | 2021-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841. | |||||
| CVE-2020-4826 | 1 Ibm | 1 Api Connect | 2021-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840. | |||||
| CVE-2020-4825 | 1 Ibm | 1 Api Connect | 2021-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189839. | |||||
| CVE-2020-5032 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2021-02-04 | 3.3 LOW | 4.3 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable to a temporary denial of service attack when sent particular payloads. IBM X-Force ID: 194178. | |||||
| CVE-2020-4934 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2021-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752. | |||||
| CVE-2020-27583 | 1 Ibm | 1 Infosphere Information Server | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-4789 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2021-02-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 189302. | |||||
| CVE-2020-4786 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2021-02-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221. | |||||
| CVE-2020-4787 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2021-02-02 | 2.1 LOW | 2.3 LOW |
| IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224. | |||||
| CVE-2020-4682 | 1 Ibm | 3 Mq, Mq Appliance, Websphere Mq | 2021-02-02 | 10.0 HIGH | 9.8 CRITICAL |
| IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509. | |||||
| CVE-2020-4888 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2021-02-02 | 9.0 HIGH | 8.8 HIGH |
| IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912. | |||||
| CVE-2020-4642 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2021-01-30 | 2.1 LOW | 5.5 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the "DB2 Management Service". | |||||
| CVE-2020-4949 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2021-01-29 | 6.4 MEDIUM | 8.2 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025. | |||||
| CVE-2020-4547 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2021-01-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315. | |||||
| CVE-2020-4524 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2021-01-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434. | |||||
| CVE-2020-4855 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2021-01-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457. | |||||
| CVE-2020-4952 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-01-29 | 9.0 HIGH | 8.8 HIGH |
| IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. IBM X-Force ID: 192028. | |||||
| CVE-2020-4189 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-01-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850. | |||||
| CVE-2020-4889 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2021-01-29 | 2.1 LOW | 3.3 LOW |
| IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971. | |||||
| CVE-2020-4865 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2021-01-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741. | |||||
| CVE-2021-20357 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2021-01-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963. | |||||
| CVE-2020-4628 | 1 Ibm | 1 Cloud Pak For Security | 2021-01-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 185369. | |||||
| CVE-2020-4815 | 1 Ibm | 1 Cloud Pak For Security | 2021-01-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system. | |||||
| CVE-2020-4967 | 1 Ibm | 1 Cloud Pak For Security | 2021-01-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425. | |||||
| CVE-2020-4820 | 1 Ibm | 1 Cloud Pak For Security | 2021-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2020-4766 | 1 Ibm | 1 Mq Internet Pass-thru | 2021-01-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093. | |||||
| CVE-2020-4958 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 192209. | |||||
| CVE-2020-4968 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-01-28 | 3.3 LOW | 6.5 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427. | |||||
| CVE-2020-4966 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-01-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 192423. | |||||
| CVE-2020-4969 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-01-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2020-4688 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-01-22 | 7.2 HIGH | 7.8 HIGH |
| IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability. IBM X-Force ID: 186700. | |||||
| CVE-2020-4921 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-01-22 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191398. | |||||
| CVE-2020-4881 | 1 Ibm | 1 Planning Analytics | 2021-01-22 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 190851. | |||||
| CVE-2020-4604 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-01-15 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861. | |||||
| CVE-2020-4602 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-01-15 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836. | |||||
| CVE-2020-4600 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-01-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184832. | |||||
| CVE-2020-4599 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-01-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184824. | |||||
| CVE-2019-4160 | 1 Ibm | 1 Security Guardium Data Encrpytion | 2021-01-15 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577. | |||||
| CVE-2019-4687 | 1 Ibm | 1 Security Guardium Data Encrpytion | 2021-01-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823. | |||||
| CVE-2019-4702 | 1 Ibm | 1 Security Guardium Data Encrpytion | 2021-01-15 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | |||||
| CVE-2020-4838 | 1 Ibm | 1 Api Connect | 2021-01-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190036. | |||||
| CVE-2020-4674 | 1 Ibm | 1 Workload Automation | 2021-01-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287. | |||||