|
198031
|
6.1 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_security
|
IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functional…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4820
|
2024-11-21 14:33 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198032
|
5.9 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_security
|
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exp…
|
CWE-862
Missing Authorization
|
CVE-2020-4816
|
2024-11-21 14:33 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198033
|
5.3 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_security
|
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.
|
CWE-200
Information Exposure
|
CVE-2020-4815
|
2024-11-21 14:33 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198034
|
5.3 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_security
|
IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This informatio…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-4628
|
2024-11-21 14:33 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198035
|
8.2 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to …
|
CWE-611
XXE
|
CVE-2020-4949
|
2024-11-21 14:33 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198036
|
3.3 |
LOW
Local
|
ibm
|
spectrum_scale
|
IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.
|
NVD-CWE-noinfo
|
CVE-2020-4889
|
2024-11-21 14:33 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198037
|
7.5 |
HIGH
Network
|
ibm
|
mq_internet_pass-thru
|
IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-4766
|
2024-11-21 14:33 |
2021-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198038
|
5.9 |
MEDIUM
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An atta…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-4969
|
2024-11-21 14:33 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198039
|
6.5 |
MEDIUM
Adjacent
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-4968
|
2024-11-21 14:33 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198040
|
4.3 |
MEDIUM
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:…
|
CWE-59
Link Following
|
CVE-2020-4966
|
2024-11-21 14:33 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
