Total: 9588 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-5197 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control. | ||||
CVE-2020-5132 | 1 Sonicwall | 3 Sma100, Sma100 Firmware, Sonicos | 2024-11-21 | 5.3 Medium |
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability. | ||||
CVE-2020-4967 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 4.3 Medium |
IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425. | ||||
CVE-2020-4957 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.3 Medium |
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208. | ||||
CVE-2020-4953 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 4.3 Medium |
IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP responses. IBM X-Force ID: 192029. | ||||
CVE-2020-4951 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 3.3 Low |
IBM Cognos Analytics 11.1.7 and 11.2.0 contain locally cached browser data that could allow a local attacker to obtain sensitive information. | ||||
CVE-2020-4913 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 4.4 Medium |
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288. | ||||
CVE-2020-4908 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 5.3 Medium |
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks against the system. | ||||
CVE-2020-4815 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 5.3 Medium |
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system. | ||||
CVE-2020-4788 | 4 Fedoraproject, Ibm, Oracle and 1 more | 8 Fedora, Aix, Power9 and 5 more | 2024-11-21 | 4.7 Medium |
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | ||||
CVE-2020-4649 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 4.3 Medium |
IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privileged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022. | ||||
CVE-2020-4640 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.1 Medium |
Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510. | ||||
CVE-2020-4565 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 5.9 Medium |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935. | ||||
CVE-2020-4361 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 4.3 Medium |
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766. | ||||
CVE-2020-4338 | 1 Ibm | 1 Mq | 2024-11-21 | 5.5 Medium |
IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937. | ||||
CVE-2020-4336 | 1 Ibm | 1 Websphere Extreme Scale | 2024-11-21 | 5.3 Medium |
IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932. | ||||
CVE-2020-4309 | 1 Ibm | 1 Content Navigator | 2024-11-21 | 5.3 Medium |
IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080. | ||||
CVE-2020-4226 | 1 Ibm | 1 Mobilefirst Platform Foundation | 2024-11-21 | 7.5 High |
IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207. | ||||
CVE-2020-4186 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 5.3 Medium |
IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804. | ||||
CVE-2020-4172 | 1 Ibm | 1 Security Guardium Insights | 2024-11-21 | 5.3 Medium |
IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408. |