|
199031
|
7.5 |
HIGH
Network
|
ibm
|
planning_analytics
|
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted …
|
CWE-346
Origin Validation Error
|
CVE-2020-4881
|
2024-11-21 14:33 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199032
|
5.3 |
MEDIUM
Network
|
ibm
|
planning_analytics
|
IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836.
|
CWE-863
Incorrect Authorization
|
CVE-2020-4873
|
2024-11-21 14:33 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199033
|
5.5 |
MEDIUM
Local
|
ibm
|
planning_analytics
|
IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-4871
|
2024-11-21 14:33 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199034
|
5.4 |
MEDIUM
Network
|
ibm
|
api_connect
|
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4838
|
2024-11-21 14:33 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199035
|
4.3 |
MEDIUM
Network
|
ibm
|
workload_automation
|
IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287.
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-4674
|
2024-11-21 14:33 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199036
|
4.3 |
MEDIUM
Network
|
ibm
|
workload_automation
|
IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286.
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-4673
|
2024-11-21 14:33 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199037
|
6.5 |
MEDIUM
Network
|
ibm
|
mq_appliance
|
IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IB…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-4869
|
2024-11-21 14:33 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199038
|
5.3 |
MEDIUM
Local
|
sonicwall
|
netextender
|
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impac…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-5147
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199039
|
7.2 |
HIGH
Network
|
sonicwall
|
sma_100_firmware
|
A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 1…
|
CWE-78
OS Command
|
CVE-2020-5146
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199040
|
5.4 |
MEDIUM
Network
|
ibm
|
rational_quality_manager
rational_team_concert
rational_doors_next_generation
rational_rhapsody_design_manager
rhapsody_model_manager
doors_next
engineering_workflow_management
c…
|
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4733
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
