Filtered by vendor Ibm
Subscriptions
Total
7909 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4545 | 1 Ibm | 1 Aspera Connect | 2024-11-21 | 7.8 High |
| IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190. | ||||
| CVE-2020-4544 | 1 Ibm | 13 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 10 more | 2024-11-21 | 4.3 Medium |
| IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189. | ||||
| CVE-2020-4542 | 1 Ibm | 1 Engineering Requirements Management Doors Next | 2024-11-21 | 5.4 Medium |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 183046. | ||||
| CVE-2020-4541 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 6.1 Medium |
| IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183039. | ||||
| CVE-2020-4539 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 6.1 Medium |
| IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2020-4536 | 1 Ibm | 1 Openpages Grc Platform | 2024-11-21 | 4.3 Medium |
| IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182907. | ||||
| CVE-2020-4535 | 1 Ibm | 1 Openpages Grc Platform | 2024-11-21 | 5.4 Medium |
| IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182906. | ||||
| CVE-2020-4534 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 8.8 High |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808. | ||||
| CVE-2020-4533 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 6.1 Medium |
| IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182717. | ||||
| CVE-2020-4532 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 5.3 Medium |
| IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716. | ||||
| CVE-2020-4531 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 5.3 Medium |
| IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715. | ||||
| CVE-2020-4530 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 5.4 Medium |
| IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 182714. | ||||
| CVE-2020-4529 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 7.4 High |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713. | ||||
| CVE-2020-4528 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 5.5 Medium |
| IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-Force ID: 182658. | ||||
| CVE-2020-4527 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 5.9 Medium |
| IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631. | ||||
| CVE-2020-4526 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 4.3 Medium |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436. | ||||
| CVE-2020-4525 | 1 Ibm | 2 Engineering Workflow Management, Rational Rhapsody Design Manager | 2024-11-21 | 5.4 Medium |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182435. | ||||
| CVE-2020-4524 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2024-11-21 | 5.4 Medium |
| IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434. | ||||
| CVE-2020-4522 | 1 Ibm | 10 Doors Next, Engineering Requirements Management Doors Next, Engineering Test Management and 7 more | 2024-11-21 | 5.4 Medium |
| IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397. | ||||
| CVE-2020-4521 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 8.8 High |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396. | ||||