Total
14524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5110 | 1 Formalms | 1 Formalms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. | |||||
| CVE-2019-5109 | 1 Formalms | 1 Formalms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. | |||||
| CVE-2019-5070 | 1 Epignosishq | 1 Efront Lms | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | |||||
| CVE-2019-4752 | 1 Ibm | 2 Emptoris Spend Analysis, Emptoris Strategic Supply Management Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348. | |||||
| CVE-2019-4680 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733. | |||||
| CVE-2019-4671 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437. | |||||
| CVE-2019-4669 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254. | |||||
| CVE-2019-4651 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170962. | |||||
| CVE-2019-4650 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961. | |||||
| CVE-2019-4598 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167881. | |||||
| CVE-2019-4597 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167880. | |||||
| CVE-2019-4575 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 166801. | |||||
| CVE-2019-4483 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067. | |||||
| CVE-2019-4481 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064. | |||||
| CVE-2019-4387 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 162715. | |||||
| CVE-2019-4224 | 1 Ibm | 1 Pureapplication System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240. | |||||
| CVE-2019-4147 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413. | |||||
| CVE-2019-4032 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998. | |||||
| CVE-2019-4012 | 1 Ibm | 2 Bigfix Webui Profile Management, Bigfix Webui Software Distribution | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886. | |||||
| CVE-2019-3797 | 1 Pivotal Software | 1 Spring Data Java Persistence Api | 2024-11-21 | 5.0 MEDIUM | 3.5 LOW |
| This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly. | |||||