Filtered by vendor Ibm
Subscribe
Total
7369 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4575 | 1 Ibm | 2 Websphere Application Server, Websphere Virtual Enterprise | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. | |||||
| CVE-2020-4574 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181. | |||||
| CVE-2020-4573 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM X-Force ID: 184180. | |||||
| CVE-2020-4572 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184179. | |||||
| CVE-2020-4569 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 184158. | |||||
| CVE-2020-4568 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184157. | |||||
| CVE-2020-4567 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 184156. | |||||
| CVE-2020-4566 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083. | |||||
| CVE-2020-4565 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935. | |||||
| CVE-2020-4564 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183933. | |||||
| CVE-2020-4562 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames. | |||||
| CVE-2020-4561 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903. | |||||
| CVE-2020-4560 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2020-4559 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Spectrum Protect and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613. | |||||
| CVE-2020-4557 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183611. | |||||
| CVE-2020-4556 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | N/A | 4.0 MEDIUM |
| IBM Financial Transaction Manager for High Value Payments for Multi-Platform 3.2.0 through 3.2.10 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 183329. | |||||
| CVE-2020-4555 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328. | |||||
| CVE-2020-4554 | 1 Ibm | 1 I2 Analysts Notebook | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183322. | |||||
| CVE-2020-4553 | 1 Ibm | 1 I2 Analysts Notebook | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183321. | |||||
| CVE-2020-4552 | 1 Ibm | 1 I2 Analysts Notebook | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183320. | |||||