| 197351 | 9.8 | CRITICAL Network | ibm | security_verify_access security_access_manager | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public OAuth client to bypass some or all of the authentication checks and gain access to applicati… | NVD-CWE-noinfo | CVE-2020-4499 | 2024-11-21 14:32 | 2020-10-15 |
| 197352 | 5.4 | MEDIUM Network | ibm | security_access_manager_appliance | IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358. | CWE-613 Insufficient Session Expiration | CVE-2020-4395 | 2024-11-21 14:32 | 2020-10-15 |
| 197353 | 8.2 | HIGH Network | ibm | cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. … | CWE-755 Improper Handling of Exceptional Conditions | CVE-2020-4388 | 2024-11-21 14:32 | 2020-10-12 |
| 197354 | 7.8 | HIGH Local | ibm | cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted Excel file, an … | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2020-4302 | 2024-11-21 14:32 | 2020-10-12 |
| 197355 | 8.8 | HIGH Network | ibm | qradar_security_information_and_event_manager | IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function… | CWE-502 Deserialization of Untrusted Data | CVE-2020-4280 | 2024-11-21 14:32 | 2020-10-8 |
| 197356 | 5.5 | MEDIUM Local | ibm | datapower_gateway | IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-F… | NVD-CWE-noinfo | CVE-2020-4528 | 2024-11-21 14:32 | 2020-10-7 |
| 197357 | 9.8 | CRITICAL Network | ibm | maximo_asset_management | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995. | NVD-CWE-noinfo | CVE-2020-4493 | 2024-11-21 14:32 | 2020-10-5 |
| 197358 | 7.5 | HIGH Network | ibm | websphere_application_server | IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force … | NVD-CWE-noinfo | CVE-2020-4576 | 2024-11-21 14:32 | 2020-10-2 |
| 197359 | 7.8 | HIGH Local | ibm | security_verify_privilege_vault_remote_on-premises | IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884. | CWE-20 Improper Input Validation | CVE-2020-4607 | 2024-11-21 14:32 | 2020-09-29 |
| 197360 | 5.3 | MEDIUM Network | ibm | business_process_manager business_automation_workflow | IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error … | CWE-252 Unchecked Return Value | CVE-2020-4531 | 2024-11-21 14:32 | 2020-09-26 |