|
219311
|
4.3 |
MEDIUM
Network
|
hcltech
|
appscan
|
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2019-4323
|
2024-11-21 13:43 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219312
|
7.8 |
HIGH
Local
|
ibm
|
security_identity_manager_virtual_appliance
|
IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2019-4676
|
2024-11-21 13:43 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219313
|
6.3 |
MEDIUM
Network
|
ibm
|
maximo_asset_management
|
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete inform…
|
CWE-89
SQL Injection
|
CVE-2019-4650
|
2024-11-21 13:43 |
2020-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219314
|
9.8 |
CRITICAL
Network
|
ibm
|
qradar_network_packet_capture
|
IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accoun…
|
CWE-521
Weak Password Requirements
|
CVE-2019-4576
|
2024-11-21 13:43 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219315
|
6.5 |
MEDIUM
Network
|
ibm
|
maximo_asset_management
|
IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998.
|
NVD-CWE-noinfo
|
CVE-2019-4478
|
2024-11-21 13:43 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219316
|
5.9 |
MEDIUM
Network
|
ibm
|
urbancode_deploy
|
IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit th…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-4667
|
2024-11-21 13:43 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219317
|
2.4 |
LOW
Physics
|
ibm
|
maximo_anywhere
|
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 1…
|
CWE-269
Improper Privilege Management
|
CVE-2019-4266
|
2024-11-21 13:43 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219318
|
6.1 |
MEDIUM
Network
|
hcltech
|
connections
|
HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks.
|
CWE-601
Open Redirect
|
CVE-2019-4209
|
2024-11-21 13:43 |
2020-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219319
|
4.3 |
MEDIUM
Physics
|
ibm
|
maximo_anywhere
|
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160631.
|
NVD-CWE-noinfo
|
CVE-2019-4288
|
2024-11-21 13:43 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219320
|
4.3 |
MEDIUM
Physics
|
ibm
|
maximo_anywhere
|
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-4286
|
2024-11-21 13:43 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
