|
198061
|
6.5 |
MEDIUM
Network
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remo…
|
CWE-74
Injection
|
CVE-2020-5019
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198062
|
7.5 |
HIGH
Network
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-5018
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198063
|
5.5 |
MEDIUM
Local
|
ibm
|
spectrum_protect
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653.
|
NVD-CWE-noinfo
|
CVE-2020-5017
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198064
|
4.3 |
MEDIUM
Network
|
ibm
|
engineering_requirements_quality_assistant_on-premises
|
IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282.
|
CWE-20
Improper Input Validation
|
CVE-2020-4667
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198065
|
5.4 |
MEDIUM
Network
|
ibm
|
engineering_requirements_quality_assistant_on-premises
|
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4666
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198066
|
5.4 |
MEDIUM
Network
|
ibm
|
engineering_requirements_quality_assistant_on-premises
|
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4664
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198067
|
5.4 |
MEDIUM
Network
|
ibm
|
engineering_requirements_quality_assistant_on-premises
|
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4663
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198068
|
7.5 |
HIGH
Network
|
ibm
|
emptoris_strategic_supply_management
|
IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-4898
|
2024-11-21 14:33 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198069
|
5.3 |
MEDIUM
Network
|
ibm
|
emptoris_contract_management
emptoris_spend_analysis
|
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is re…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-4897
|
2024-11-21 14:33 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198070
|
6.5 |
MEDIUM
Network
|
ibm
|
emptoris_sourcing
|
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987.
|
CWE-20
Improper Input Validation
|
CVE-2020-4896
|
2024-11-21 14:33 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
