|
207111
|
4.3 |
MEDIUM
Network
|
ibm
|
api_connect
|
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions tr…
|
CWE-352
Origin Validation Error
|
CVE-2020-4827
|
2024-11-21 14:33 |
2021-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207112
|
4.3 |
MEDIUM
Network
|
ibm
|
api_connect
|
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions tr…
|
CWE-352
Origin Validation Error
|
CVE-2020-4826
|
2024-11-21 14:33 |
2021-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207113
|
5.4 |
MEDIUM
Network
|
ibm
|
api_connect
|
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI th…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4825
|
2024-11-21 14:33 |
2021-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207114
|
4.1 |
MEDIUM
Adjacent
|
ibm
|
api_connect
|
Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached…
|
CWE-200
Information Exposure
|
CVE-2020-4640
|
2024-11-21 14:33 |
2021-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207115
|
4.3 |
MEDIUM
Network
|
ibm
|
content_navigator
|
IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view …
|
CWE-22
Path Traversal
|
CVE-2020-4934
|
2024-11-21 14:33 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207116
|
8.8 |
HIGH
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied conten…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-4888
|
2024-11-21 14:33 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207117
|
9.8 |
CRITICAL
Network
|
ibm
|
websphere_mq
mq
mq_appliance
|
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit th…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-4682
|
2024-11-21 14:33 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207118
|
8.8 |
HIGH
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. IBM X-Force ID: 192028.
|
NVD-CWE-noinfo
|
CVE-2020-4952
|
2024-11-21 14:33 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207119
|
6.5 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-c…
|
CWE-22
Path Traversal
|
CVE-2020-4789
|
2024-11-21 14:33 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207120
|
2.3 |
LOW
Local
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send una…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-4787
|
2024-11-21 14:33 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
