|
198111
|
8.8 |
HIGH
Network
|
ibm
|
resilient_security_orchestration_automation_and_response
|
IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation.
|
CWE-20
CWE-1236
Improper Input Validation
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-4633
|
2024-11-21 14:33 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198112
|
7.8 |
HIGH
Local
|
ibm
|
aix
vios
|
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.
|
NVD-CWE-noinfo
|
CVE-2020-4829
|
2024-11-21 14:33 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198113
|
5.5 |
MEDIUM
Local
|
ibm
|
business_automation_workflow
|
IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-4900
|
2024-11-21 14:33 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198114
|
4.3 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_security
|
IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 18…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-4696
|
2024-11-21 14:33 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198115
|
9.0 |
CRITICAL
Network
|
ibm
|
cloud_pak_for_security
|
IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents.…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-4627
|
2024-11-21 14:33 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198116
|
4.3 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_security
|
IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362.
|
NVD-CWE-noinfo
|
CVE-2020-4626
|
2024-11-21 14:33 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198117
|
5.3 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_security
|
IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerabil…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-4625
|
2024-11-21 14:33 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198118
|
5.3 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_security
|
IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-4624
|
2024-11-21 14:33 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198119
|
9.8 |
CRITICAL
Network
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to e…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-4854
|
2024-11-21 14:33 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198120
|
5.9 |
MEDIUM
Network
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker cou…
|
CWE-862
Missing Authorization
|
CVE-2020-4783
|
2024-11-21 14:33 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
