Filtered by vendor Ibm
Total: 6536 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4290 | 1 Ibm | 1 Security Information Queue | 2020-04-08 | 5.5 MEDIUM | 5.4 MEDIUM |
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any authenticated user to spoof the configuration owner of any other user, which could disclose sensitive information or allow for unauthorized access. IBM X-Force ID: 176333. | |||||
CVE-2020-4291 | 1 Ibm | 1 Security Information Queue | 2020-04-08 | 4.3 MEDIUM | 4.3 MEDIUM |
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176334. | |||||
CVE-2020-4303 | 1 Ibm | 1 Websphere Application Server | 2020-04-02 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176668. | |||||
CVE-2020-4304 | 1 Ibm | 1 Websphere Application Server | 2020-04-02 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176670. | |||||
CVE-2020-4208 | 1 Ibm | 1 Spectrum Protect Plus | 2020-03-31 | 7.5 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174975. | |||||
CVE-2020-4241 | 1 Ibm | 2 Spectrum Protect Plus, Spectrum Scale | 2020-03-31 | 9.0 HIGH | 8.8 HIGH |
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418. | |||||
CVE-2020-4242 | 1 Ibm | 2 Spectrum Protect Plus, Spectrum Scale | 2020-03-31 | 9.0 HIGH | 8.8 HIGH |
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419. | |||||
CVE-2020-4214 | 1 Ibm | 1 Spectrum Protect Plus | 2020-03-31 | 6.4 MEDIUM | 7.5 HIGH |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrarily delete a directory, caused by improper validation of user-supplied input. IBM X-Force ID: 175026. | |||||
CVE-2020-4240 | 1 Ibm | 1 Spectrum Protect Plus | 2020-03-31 | 6.4 MEDIUM | 6.5 MEDIUM |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417. | |||||
CVE-2020-4235 | 1 Ibm | 1 Tivoli Netcool/impact | 2020-03-31 | 3.5 LOW | 5.4 MEDIUM |
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175408. | |||||
CVE-2020-4237 | 1 Ibm | 1 Tivoli Netcool/impact | 2020-03-31 | 6.8 MEDIUM | 8.8 HIGH |
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175410. | |||||
CVE-2020-4238 | 1 Ibm | 1 Tivoli Netcool/impact | 2020-03-31 | 6.8 MEDIUM | 8.8 HIGH |
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175411. | |||||
CVE-2019-4681 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Tivoli Netcool/impact, Linux Kernel and 2 more | 2020-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171734. | |||||
CVE-2020-4253 | 1 Ibm | 1 Content Navigator | 2020-03-24 | 6.5 MEDIUM | 8.8 HIGH |
IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559. | |||||
CVE-2020-4309 | 1 Ibm | 1 Content Navigator | 2020-03-24 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080. | |||||
CVE-2019-4718 | 1 Ibm | 1 Jazz For Service Management | 2020-03-24 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172123. | |||||
CVE-2019-4617 | 2 Ibm, Linux | 2 Cloud Automation Manager, Linux Kernel | 2020-03-20 | 3.6 LOW | 4.4 MEDIUM |
IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 168645. | |||||
CVE-2020-4205 | 1 Ibm | 1 Datapower Gateway | 2020-03-20 | 6.5 MEDIUM | 6.3 MEDIUM |
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revoked. IBM X-Force ID: 174961. | |||||
CVE-2020-4199 | 1 Ibm | 1 Tivoli Netcool/omnibus | 2020-03-19 | 4.3 MEDIUM | 4.3 MEDIUM |
IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910. | |||||
CVE-2019-4555 | 1 Ibm | 1 Cognos Analytics | 2020-03-17 | 3.5 LOW | 5.4 MEDIUM |
IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166204. |