|
198331
|
4.3 |
MEDIUM
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089.
|
NVD-CWE-noinfo
|
CVE-2020-4312
|
2024-11-21 14:32 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198332
|
5.3 |
MEDIUM
Network
|
ibm
|
api_connect
|
IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322.
|
NVD-CWE-noinfo
|
CVE-2020-4346
|
2024-11-21 14:32 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198333
|
5.4 |
MEDIUM
Network
|
ibm
|
api_connect
|
IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker coul…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-4195
|
2024-11-21 14:32 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198334
|
4.3 |
MEDIUM
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to downl…
|
CWE-22
Path Traversal
|
CVE-2020-4430
|
2024-11-21 14:32 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198335
|
9.8 |
CRITICAL
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and exec…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-4429
|
2024-11-21 14:32 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198336
|
9.1 |
CRITICAL
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.
|
CWE-78
OS Command
|
CVE-2020-4428
|
2024-11-21 14:32 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198337
|
9.8 |
CRITICAL
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially craft…
|
NVD-CWE-noinfo
|
CVE-2020-4427
|
2024-11-21 14:32 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198338
|
4.3 |
MEDIUM
Network
|
ibm
|
business_process_manager
business_automation_workflow
|
IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insuf…
|
CWE-863
Incorrect Authorization
|
CVE-2020-4446
|
2024-11-21 14:32 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198339
|
5.4 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force ID: 180084.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-4421
|
2024-11-21 14:32 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198340
|
5.4 |
MEDIUM
Network
|
ibm
|
infosphere_information_server_on_cloud
infosphere_qualitystage
|
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4384
|
2024-11-21 14:32 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
