Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-922
Total 96 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-4673 1 Ibm 1 Workload Automation 2021-01-13 4.0 MEDIUM 4.3 MEDIUM
IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286.
CVE-2020-9202 1 Huawei 1 Te Mobile 2020-12-28 2.1 LOW 4.4 MEDIUM
There is an information disclosure vulnerability in TE Mobile software versions V600R006C10,V600R006C10SPC100. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's device to launch the attack, successful exploit could cause information disclosure.
CVE-2020-26176 1 Tangro 1 Business Workflow 2020-12-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to gather valid attachment IDs for workitems that do not belong to them.
CVE-2020-4906 1 Ibm 1 Financial Transaction Manager For Multiplatform 2020-12-17 2.1 LOW 3.3 LOW
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.
CVE-2019-3684 1 Suse 1 Manager 2020-12-03 4.3 MEDIUM 5.9 MEDIUM
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem
CVE-2019-19557 1 Harman 1 Hermes 2020-11-29 2.1 LOW 2.4 LOW
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.
CVE-2019-19561 1 Harman 1 Hermes 2020-11-29 2.1 LOW 2.4 LOW
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information.
CVE-2020-4886 1 Ibm 1 Infosphere Information Server 2020-11-17 2.1 LOW 3.3 LOW
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.
CVE-2019-8790 1 Apple 1 Swift 2020-11-03 2.1 LOW 5.5 MEDIUM
This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure.
CVE-2020-13937 1 Apache 1 Kylin 2020-10-29 5.0 MEDIUM 5.3 MEDIUM
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.
CVE-2019-5633 1 Belwith-keeler 1 Hickory Smart 2020-10-16 2.1 LOW 5.5 MEDIUM
An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for iOS, version 01.01.07 and prior versions.
CVE-2019-5632 1 Belwith-keeler 1 Hickory Smart 2020-10-16 2.1 LOW 5.5 MEDIUM
An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions.
CVE-2020-4315 1 Ibm 1 Business Automation Content Analyzer On Cloud 2020-10-01 4.3 MEDIUM 4.3 MEDIUM
IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234.
CVE-2020-26104 1 Cpanel 1 Cpanel 2020-09-29 5.0 MEDIUM 7.5 HIGH
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).
CVE-2020-4344 1 Ibm 1 Tivoli Business Service Manager 2020-09-15 2.1 LOW 3.3 LOW
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247.
CVE-2019-4695 1 Ibm 1 Guardium Data Encryption 2020-08-28 2.1 LOW 3.3 LOW
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926.
CVE-2019-12911 1 Rdbrck 1 Shift 2020-08-24 5.0 MEDIUM 7.5 HIGH
Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application.
CVE-2019-12914 1 Rdbrck 1 Shift 2020-08-24 5.0 MEDIUM 7.5 HIGH
Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application.
CVE-2018-20886 1 Cpanel 1 Cpanel 2020-08-24 4.6 MEDIUM 5.3 MEDIUM
cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418).
CVE-2020-4371 1 Ibm 1 Verify Gateway 2020-07-24 2.1 LOW 3.3 LOW
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008.