Total
434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4512 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554. | |||||
| CVE-2019-4485 | 1 Ibm | 3 Emptoris Contract Management, Emptoris Sourcing, Emptoris Spend Analysis | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069. | |||||
| CVE-2019-4484 | 1 Ibm | 3 Emptoris Contract Management, Emptoris Sourcing, Emptoris Spend Analysis | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068. | |||||
| CVE-2019-4441 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. | |||||
| CVE-2019-4420 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738. | |||||
| CVE-2019-4377 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803. | |||||
| CVE-2019-4308 | 1 Ibm | 3 Emptoris Contract Management, Emptoris Sourcing, Emptoris Spend Analysis | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034. | |||||
| CVE-2019-4269 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202. | |||||
| CVE-2019-4257 | 1 Ibm | 3 Infosphere Information Analyzer, Infosphere Information Governance Catalog, Infosphere Information Server On Cloud | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945. | |||||
| CVE-2019-4219 | 1 Ibm | 1 Security Information Queue | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 159228. | |||||
| CVE-2019-4129 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279. | |||||
| CVE-2019-3756 | 1 Rsa | 1 Archer | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions. | |||||
| CVE-2019-3730 | 1 Dell | 1 Bsafe Micro-edition-suite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. | |||||
| CVE-2019-19993 | 1 Seling | 1 Visual Access Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths. | |||||
| CVE-2019-19806 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses. | |||||
| CVE-2019-19342 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password. | |||||
| CVE-2019-18947 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 2.7 LOW | 3.5 LOW |
| Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure. | |||||
| CVE-2019-18865 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. | |||||
| CVE-2019-16768 | 1 Sylius | 1 Sylius | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presented to the user when one will try to log into the shop. This has been patched in versions 1.3.14, 1.4.10, 1.5.7, and 1.6.3. | |||||
| CVE-2019-16101 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. | |||||