|
199141
|
7.0 |
HIGH
Local
|
ibm
|
mq_for_hpe_nonstop
|
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427.
|
NVD-CWE-noinfo
|
CVE-2020-4352
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199142
|
5.4 |
MEDIUM
Network
|
ibm
|
planning_analytics_local
|
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4306
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199143
|
2.7 |
LOW
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This informat…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-4248
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199144
|
5.4 |
MEDIUM
Network
|
ibm
|
jazz_reporting_service
|
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4419
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199145
|
6.5 |
MEDIUM
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization. IBM X-Force ID: 175485.
|
CWE-863
Incorrect Authorization
|
CVE-2020-4249
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199146
|
7.1 |
HIGH
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to …
|
CWE-611
XXE
|
CVE-2020-4246
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199147
|
7.5 |
HIGH
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-For…
|
CWE-521
Weak Password Requirements
|
CVE-2020-4245
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199148
|
5.3 |
MEDIUM
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. IBM X-Force ID: 175422.
|
NVD-CWE-noinfo
|
CVE-2020-4244
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199149
|
5.3 |
MEDIUM
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode.…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-4233
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199150
|
7.5 |
HIGH
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the syste…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-4232
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
