Total
34213 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4638 | 1 Ibm | 1 Api Connect | 2024-11-21 | 7.2 High |
| IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508. | ||||
| CVE-2020-4635 | 2 Ibm, Redhat | 2 Soar, Enterprise Linux | 2024-11-21 | 5.3 Medium |
| IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames. | ||||
| CVE-2020-4626 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 4.3 Medium |
| IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362. | ||||
| CVE-2020-4616 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 5.3 Medium |
| IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929. | ||||
| CVE-2020-4612 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 6.5 Medium |
| IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924. | ||||
| CVE-2020-4611 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 8.8 High |
| IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922. | ||||
| CVE-2020-4592 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 6.5 Medium |
| IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. | ||||
| CVE-2020-4590 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 6.5 Medium |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650. | ||||
| CVE-2020-4581 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 7.5 High |
| IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441. | ||||
| CVE-2020-4580 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 7.5 High |
| IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: 184439. | ||||
| CVE-2020-4579 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 7.5 High |
| IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438. | ||||
| CVE-2020-4576 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 7.5 High |
| IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 184428. | ||||
| CVE-2020-4573 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 5.3 Medium |
| IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM X-Force ID: 184180. | ||||
| CVE-2020-4569 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 6.5 Medium |
| IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 184158. | ||||
| CVE-2020-4566 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.5 Medium |
| IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083. | ||||
| CVE-2020-4534 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 8.8 High |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808. | ||||
| CVE-2020-4528 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 5.5 Medium |
| IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-Force ID: 182658. | ||||
| CVE-2020-4511 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 6.5 Medium |
| IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command. IBM X-Force ID: 182366. | ||||
| CVE-2020-4499 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-11-21 | 9.8 Critical |
| IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. | ||||
| CVE-2020-4493 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 9.8 Critical |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995. | ||||