Filtered by vendor Ibm
Subscribe
Total
7369 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4827 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841. | |||||
| CVE-2020-4826 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840. | |||||
| CVE-2020-4825 | 1 Ibm | 1 Api Connect | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189839. | |||||
| CVE-2020-4821 | 1 Ibm | 2 Infosphere Change Data Capture, Infosphere Data Replication | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834 | |||||
| CVE-2020-4820 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2020-4816 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189703. | |||||
| CVE-2020-4815 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system. | |||||
| CVE-2020-4811 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 4.0 MEDIUM | 2.4 LOW |
| IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation. | |||||
| CVE-2020-4809 | 1 Ibm | 1 Edge Application Manager | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633. | |||||
| CVE-2020-4805 | 1 Ibm | 1 Edge Application Manager | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539. | |||||
| CVE-2020-4803 | 1 Ibm | 1 Edge Application Manager | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535. | |||||
| CVE-2020-4799 | 1 Ibm | 1 Informix Dynamic Server | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460. | |||||
| CVE-2020-4795 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446. | |||||
| CVE-2020-4794 | 1 Ibm | 3 Automation Workstream Services, Business Automation Workflow, Business Process Manager | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445. | |||||
| CVE-2020-4792 | 1 Ibm | 1 Edge Application Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189441. | |||||
| CVE-2020-4791 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 1.8 LOW | 5.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation. IBM X-Force ID: 189379. | |||||
| CVE-2020-4790 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. IBM X-Force ID: 189375. | |||||
| CVE-2020-4789 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 189302. | |||||
| CVE-2020-4788 | 3 Fedoraproject, Ibm, Oracle | 7 Fedora, Aix, Power9 and 4 more | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | |||||
| CVE-2020-4787 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 2.1 LOW | 2.3 LOW |
| IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224. | |||||