Filtered by vendor Ibm
Subscriptions
Total
7986 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4969 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.9 Medium |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2020-4968 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 6.5 Medium |
| IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427. | ||||
| CVE-2020-4967 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 4.3 Medium |
| IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425. | ||||
| CVE-2020-4966 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 4.3 Medium |
| IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 192423. | ||||
| CVE-2020-4965 | 1 Ibm | 12 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 9 more | 2024-11-21 | 7.5 High |
| IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422. | ||||
| CVE-2020-4964 | 1 Ibm | 12 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 9 more | 2024-11-21 | 4.3 Medium |
| IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419. | ||||
| CVE-2020-4958 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 9.8 Critical |
| IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 192209. | ||||
| CVE-2020-4957 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.3 Medium |
| IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208. | ||||
| CVE-2020-4956 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-11-21 | 4.8 Medium |
| IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156. | ||||
| CVE-2020-4955 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-11-21 | 8.0 High |
| IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155. | ||||
| CVE-2020-4954 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-11-21 | 5.4 Medium |
| IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153. | ||||
| CVE-2020-4953 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 4.3 Medium |
| IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029. | ||||
| CVE-2020-4952 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 8.8 High |
| IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. IBM X-Force ID: 192028. | ||||
| CVE-2020-4951 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 3.3 Low |
| IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information. | ||||
| CVE-2020-4949 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 8.2 High |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025. | ||||
| CVE-2020-4945 | 2 Ibm, Linux | 3 Aix, Db2, Linux Kernel | 2024-11-21 | 8.1 High |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945. | ||||
| CVE-2020-4944 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 5.5 Medium |
| IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944. | ||||
| CVE-2020-4942 | 1 Ibm | 1 Curam Social Program Management | 2024-11-21 | 8.8 High |
| IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942. | ||||
| CVE-2020-4941 | 1 Ibm | 1 Edge Application Manager | 2024-11-21 | 4.3 Medium |
| IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941. | ||||
| CVE-2020-4938 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 8.8 High |
| IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815. | ||||