|
197281
|
5.3 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_security
|
IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This informatio…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-4628
|
2024-11-21 14:33 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197282
|
8.2 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to …
|
CWE-611
XXE
|
CVE-2020-4949
|
2024-11-21 14:33 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197283
|
3.3 |
LOW
Local
|
ibm
|
spectrum_scale
|
IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.
|
NVD-CWE-noinfo
|
CVE-2020-4889
|
2024-11-21 14:33 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197284
|
7.5 |
HIGH
Network
|
ibm
|
mq_internet_pass-thru
|
IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-4766
|
2024-11-21 14:33 |
2021-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197285
|
5.9 |
MEDIUM
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An atta…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-4969
|
2024-11-21 14:33 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197286
|
6.5 |
MEDIUM
Adjacent
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-4968
|
2024-11-21 14:33 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197287
|
4.3 |
MEDIUM
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:…
|
CWE-59
Link Following
|
CVE-2020-4966
|
2024-11-21 14:33 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197288
|
9.8 |
CRITICAL
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-4958
|
2024-11-21 14:33 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197289
|
7.8 |
HIGH
Local
|
ibm
|
spectrum_lsf
spectrum_lsf_suite
|
IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM X-Force ID: 192586.
|
CWE-287
CWE-798
Improper Authentication
Use of Hard-coded Credentials
|
CVE-2020-4983
|
2024-11-21 14:33 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197290
|
8.8 |
HIGH
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete inform…
|
CWE-89
SQL Injection
|
CVE-2020-4921
|
2024-11-21 14:33 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
