Filtered by vendor Ibm
Subscriptions
Total
7775 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4900 | 1 Ibm | 1 Business Automation Workflow | 2024-11-21 | 5.5 Medium |
| IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991. | ||||
| CVE-2020-4899 | 1 Ibm | 1 Api Connect | 2024-11-21 | 9.1 Critical |
| IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990. | ||||
| CVE-2020-4898 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2024-11-21 | 7.5 High |
| IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989. | ||||
| CVE-2020-4897 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2024-11-21 | 5.3 Medium |
| IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988. | ||||
| CVE-2020-4896 | 1 Ibm | 1 Emptoris Sourcing | 2024-11-21 | 6.5 Medium |
| IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987. | ||||
| CVE-2020-4895 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2024-11-21 | 5.4 Medium |
| IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986. | ||||
| CVE-2020-4893 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2024-11-21 | 5.9 Medium |
| IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984. | ||||
| CVE-2020-4892 | 1 Ibm | 1 Emptoris Contract Management | 2024-11-21 | 5.4 Medium |
| IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979. | ||||
| CVE-2020-4891 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 5.5 Medium |
| IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974. | ||||
| CVE-2020-4890 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 4.4 Medium |
| IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973. | ||||
| CVE-2020-4889 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2024-11-21 | 3.3 Low |
| IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971. | ||||
| CVE-2020-4888 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 8.8 High |
| IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912. | ||||
| CVE-2020-4887 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 5.5 Medium |
| IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911. | ||||
| CVE-2020-4886 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 3.3 Low |
| IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910. | ||||
| CVE-2020-4885 | 2 Ibm, Linux | 3 Aix, Db2, Linux Kernel | 2024-11-21 | 4.7 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909. | ||||
| CVE-2020-4884 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 5.5 Medium |
| IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908. | ||||
| CVE-2020-4883 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 6.5 Medium |
| IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about other domains which could be used in further attacks against the system. IBM X-Force ID: 190907. | ||||
| CVE-2020-4882 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 6.1 Medium |
| IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852. | ||||
| CVE-2020-4881 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 7.5 High |
| IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 190851. | ||||
| CVE-2020-4879 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2024-11-21 | 9.8 Critical |
| IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847. | ||||