|
196741
|
5.9 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_security
|
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exp…
|
CWE-862
Missing Authorization
|
CVE-2020-4816
|
2024-11-21 14:33 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196742
|
5.3 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_security
|
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.
|
CWE-200
Information Exposure
|
CVE-2020-4815
|
2024-11-21 14:33 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196743
|
5.3 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_security
|
IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This informatio…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-4628
|
2024-11-21 14:33 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196744
|
8.2 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to …
|
CWE-611
XXE
|
CVE-2020-4949
|
2024-11-21 14:33 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196745
|
3.3 |
LOW
Local
|
ibm
|
spectrum_scale
|
IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.
|
NVD-CWE-noinfo
|
CVE-2020-4889
|
2024-11-21 14:33 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196746
|
7.5 |
HIGH
Network
|
ibm
|
mq_internet_pass-thru
|
IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-4766
|
2024-11-21 14:33 |
2021-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196747
|
5.9 |
MEDIUM
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An atta…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-4969
|
2024-11-21 14:33 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196748
|
6.5 |
MEDIUM
Adjacent
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-4968
|
2024-11-21 14:33 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196749
|
4.3 |
MEDIUM
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:…
|
CWE-59
Link Following
|
CVE-2020-4966
|
2024-11-21 14:33 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196750
|
9.8 |
CRITICAL
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-4958
|
2024-11-21 14:33 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
