|
197461
|
7.5 |
HIGH
Network
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-4400
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197462
|
6.5 |
MEDIUM
Network
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476.
|
NVD-CWE-noinfo
|
CVE-2020-4399
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197463
|
5.9 |
MEDIUM
Network
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-4397
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197464
|
9.8 |
CRITICAL
Network
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-4385
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197465
|
7.8 |
HIGH
Local
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-4372
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197466
|
3.3 |
LOW
Local
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008.
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-4371
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197467
|
5.5 |
MEDIUM
Local
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-4369
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197468
|
8.1 |
HIGH
Network
|
ibm
|
marketing_operations
|
Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to con…
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2020-4125
|
2024-11-21 14:32 |
2020-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197469
|
5.9 |
MEDIUM
Network
|
ibm
|
planning_analytics
|
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmis…
|
CWE-384
Session Fixation
|
CVE-2020-4527
|
2024-11-21 14:32 |
2020-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197470
|
6.5 |
MEDIUM
Network
|
ibm
|
mq_for_hpe_nonstop
|
IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563.
|
NVD-CWE-noinfo
|
CVE-2020-4466
|
2024-11-21 14:32 |
2020-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
