|
200501
|
10.0 |
CRITICAL
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write fi…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2020-4561
|
2024-11-21 14:32 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200502
|
8.8 |
HIGH
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395.
|
CWE-79
Cross-site Scripting
|
CVE-2020-4520
|
2024-11-21 14:32 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200503
|
5.4 |
MEDIUM
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4354
|
2024-11-21 14:32 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200504
|
8.2 |
HIGH
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive info…
|
CWE-611
XXE
|
CVE-2020-4300
|
2024-11-21 14:32 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200505
|
4.3 |
MEDIUM
Network
|
ibm
|
openpages_grc_platform
|
IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in furt…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-4536
|
2024-11-21 14:32 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200506
|
5.4 |
MEDIUM
Network
|
ibm
|
openpages_grc_platform
|
IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potenti…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4535
|
2024-11-21 14:32 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200507
|
9.1 |
CRITICAL
Network
|
fossasia
|
susi.ai
|
SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file…
|
CWE-22
Path Traversal
|
CVE-2020-4039
|
2024-11-21 14:32 |
2021-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200508
|
5.3 |
MEDIUM
Network
|
ibm
|
planning_analytics
|
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames.
|
NVD-CWE-Other
|
CVE-2020-4562
|
2024-11-21 14:32 |
2021-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200509
|
7.3 |
HIGH
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. I…
|
CWE-269
Improper Privilege Management
|
CVE-2020-4184
|
2024-11-21 14:32 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200510
|
6.1 |
MEDIUM
Network
|
hcltech
|
digital_experience
|
In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).
|
CWE-79
Cross-site Scripting
|
CVE-2020-4081
|
2024-11-21 14:32 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
