|
219131
|
2.4 |
LOW
Physics
|
ibm
|
maximo_anywhere
|
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 1…
|
CWE-269
Improper Privilege Management
|
CVE-2019-4266
|
2024-11-21 13:43 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219132
|
6.1 |
MEDIUM
Network
|
hcltech
|
connections
|
HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks.
|
CWE-601
Open Redirect
|
CVE-2019-4209
|
2024-11-21 13:43 |
2020-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219133
|
4.3 |
MEDIUM
Physics
|
ibm
|
maximo_anywhere
|
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160631.
|
NVD-CWE-noinfo
|
CVE-2019-4288
|
2024-11-21 13:43 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219134
|
4.3 |
MEDIUM
Physics
|
ibm
|
maximo_anywhere
|
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-4286
|
2024-11-21 13:43 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219135
|
5.5 |
MEDIUM
Local
|
ibm
|
urbancode_deploy
|
IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171250.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-4668
|
2024-11-21 13:43 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219136
|
7.5 |
HIGH
Network
|
hcltech
|
appscan
|
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-4327
|
2024-11-21 13:43 |
2020-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219137
|
6.1 |
MEDIUM
Network
|
ibm
|
maximo_for_life_sciences
maximo_for_transportation
control_desk
maximo_asset_management
maximo_for_oil_and_gas
maximo_for_aviation
maximo_for_utilities
maximo_for_nuclear_power
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent…
|
CWE-79
Cross-site Scripting
|
CVE-2019-4644
|
2024-11-21 13:43 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
219138
|
5.4 |
MEDIUM
Network
|
ibm
|
maximo_for_life_sciences
maximo_for_transportation
control_desk
maximo_asset_management
maximo_for_oil_and_gas
maximo_for_aviation
maximo_for_utilities
maximo_for_nuclear_power
IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.
|
NVD-CWE-noinfo
|
CVE-2019-4446
|
2024-11-21 13:43 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
219139
|
4.8 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-…
|
CWE-295
Improper Certificate Validation
|
CVE-2019-4654
|
2024-11-21 13:43 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219140
|
5.9 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit thi…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-4594
|
2024-11-21 13:43 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
