Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4230 | 3 Ibm, Linux, Microsoft | 4 Aix, Db2, Linux Kernel and 1 more | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212. | |||||
| CVE-2020-4236 | 1 Ibm | 1 Tivoli Netcool\/impact | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an authenticated user to cause a denial of service due to improper content parsing in the project management module. IBM X-Force ID: 175409. | |||||
| CVE-2020-4244 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. IBM X-Force ID: 175422. | |||||
| CVE-2020-4260 | 1 Ibm | 1 Urbancode Deploy | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639. | |||||
| CVE-2020-4273 | 1 Ibm | 1 Spectrum Scale | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977. | |||||
| CVE-2020-4276 | 1 Ibm | 1 Websphere Application Server | 2021-07-21 | 6.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. | |||||
| CVE-2020-4292 | 1 Ibm | 1 Security Information Queue | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 uses a cross-domain policy file that includes domains that should not be trusted which could disclose sensitive information. IBM X-Force ID: 176335. | |||||
| CVE-2020-4299 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606. | |||||
| CVE-2020-4307 | 1 Ibm | 1 Security Guardium | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr dashboard and cause a denial of service attack. IBM X-Force ID: 176997. | |||||
| CVE-2020-4312 | 1 Ibm | 1 Sterling B2b Integrator | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089. | |||||
| CVE-2020-4383 | 2 Ibm, Linux | 2 Elastic Storage Server, Linux Kernel | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services. IBM X-Force ID: 179165. | |||||
| CVE-2020-4329 | 1 Ibm | 1 Websphere Application Server | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. | |||||
| CVE-2020-4342 | 1 Ibm | 1 Security Secret Server | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. IBM X-Force ID: 178182. | |||||
| CVE-2020-4346 | 1 Ibm | 1 Api Connect | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322. | |||||
| CVE-2020-4352 | 1 Ibm | 1 Mq For Hpe Nonstop | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
| IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427. | |||||
| CVE-2020-4353 | 1 Ibm | 1 Maas360 | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| IBM MaaS360 6.82 could allow a user with pysical access to the device to crash the application which may enable the user to access restricted applications and device settings. IBM X-Force ID: 178505. | |||||
| CVE-2020-4355 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507. | |||||
| CVE-2020-4362 | 1 Ibm | 1 Websphere Application Server | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. | |||||
| CVE-2020-4382 | 2 Ibm, Linux | 2 Elastic Storage Server, Linux Kernel | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. IBM X-Force ID: 179163. | |||||
| CVE-2020-4410 | 1 Ibm | 2 Engineering Test Management, Rational Rhapsody Design Manager | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539. | |||||