|
197701
|
7.2 |
HIGH
Network
|
ibm
|
cognos_controller
|
A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from …
|
NVD-CWE-noinfo
|
CVE-2020-4685
|
2024-11-21 14:33 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197702
|
5.4 |
MEDIUM
Network
|
ibm
|
content_navigator
|
IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4760
|
2024-11-21 14:33 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197703
|
5.4 |
MEDIUM
Network
|
ibm
|
content_navigator
|
IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4704
|
2024-11-21 14:33 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197704
|
7.8 |
HIGH
Local
|
ibm
|
filenet_content_manager
|
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file con…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-4759
|
2024-11-21 14:33 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197705
|
4.8 |
MEDIUM
Adjacent
|
ibm
|
maximo_spatial_asset_management
|
IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions tran…
|
CWE-352
Origin Validation Error
|
CVE-2020-4651
|
2024-11-21 14:33 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197706
|
3.3 |
LOW
Local
|
ibm
|
maximo_spatial_asset_management
|
IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023.
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-4650
|
2024-11-21 14:33 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197707
|
5.4 |
MEDIUM
Network
|
ibm
|
app_connect_enterprise_certified_container
|
IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malic…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-4785
|
2024-11-21 14:33 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197708
|
4.3 |
MEDIUM
Network
|
ibm
|
planning_analytics_local
|
IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.
|
CWE-200
Information Exposure
|
CVE-2020-4649
|
2024-11-21 14:33 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197709
|
4.3 |
MEDIUM
Adjacent
|
ibm
|
resilient_security_orchestration_automation_and_response
|
IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address. IBM X-Force ID: 190567.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-4864
|
2024-11-21 14:33 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197710
|
7.8 |
HIGH
Local
|
ibm
|
i2_analysts_notebook
|
IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, a…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-4724
|
2024-11-21 14:33 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
