Filtered by vendor Ibm
Subscriptions
Total
7722 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-4138 | 1 Ibm | 1 Spectrum Control | 2024-11-21 | N/A |
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 158334. | ||||
CVE-2019-4137 | 1 Ibm | 1 Spectrum Control | 2024-11-21 | N/A |
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158333. | ||||
CVE-2019-4136 | 1 Ibm | 1 Cognos Controller | 2024-11-21 | 5.4 Medium |
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158332. | ||||
CVE-2019-4135 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | 8.8 High |
IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331. | ||||
CVE-2019-4134 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 6.1 Medium |
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281. | ||||
CVE-2019-4133 | 1 Ibm | 1 Cloud Automation Manager | 2024-11-21 | 5.2 Medium |
IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278. | ||||
CVE-2019-4132 | 1 Ibm | 1 Cloud Automation Manager | 2024-11-21 | 3.3 Low |
IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274. | ||||
CVE-2019-4131 | 1 Ibm | 1 Cloud Application Performance Management | 2024-11-21 | 5.3 Medium |
IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270. | ||||
CVE-2019-4130 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 8.8 High |
IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280. | ||||
CVE-2019-4129 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-11-21 | 5.3 Medium |
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279. | ||||
CVE-2019-4120 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 5.4 Medium |
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158146. | ||||
CVE-2019-4119 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 5.3 Medium |
IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145. | ||||
CVE-2019-4118 | 1 Ibm | 1 Multicloud Manager | 2024-11-21 | 4.4 Medium |
IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. IBM X-Force ID: 158144. | ||||
CVE-2019-4117 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 8.8 High |
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116. | ||||
CVE-2019-4116 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 5.5 Medium |
IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. IBM X-Force ID: 158115. | ||||
CVE-2019-4115 | 1 Ibm | 1 Websphere Extreme Scale | 2024-11-21 | 5.4 Medium |
IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158113. | ||||
CVE-2019-4112 | 1 Ibm | 1 Websphere Extreme Scale | 2024-11-21 | 3.3 Low |
IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105. | ||||
CVE-2019-4109 | 1 Ibm | 1 Websphere Extreme Scale | 2024-11-21 | 6.1 Medium |
IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102. | ||||
CVE-2019-4106 | 1 Ibm | 1 Websphere Extreme Scale | 2024-11-21 | 4.8 Medium |
IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158099. | ||||
CVE-2019-4103 | 1 Ibm | 1 Tivoli Netcool\/impact | 2024-11-21 | 8.0 High |
IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command by low privileged User. Remote code execution allow to execute arbitrary code on system which lead to take control over the system. IBM X-Force ID: 158094. |