|
201541
|
6.5 |
MEDIUM
Network
|
ibm
|
maximo_for_civil_infrastructure
|
IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-20445
|
2024-11-21 14:46 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201542
|
6.1 |
MEDIUM
Network
|
ibm
|
maximo_for_civil_infrastructure
|
IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functional…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20444
|
2024-11-21 14:46 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201543
|
8.8 |
HIGH
Network
|
ibm
|
maximo_for_civil_infrastructure
|
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619.
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2021-20443
|
2024-11-21 14:46 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201544
|
7.5 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) …
|
CWE-22
Path Traversal
|
CVE-2021-20354
|
2024-11-21 14:46 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201545
|
7.2 |
HIGH
Network
|
soliton
|
filezen
|
FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2021-20655
|
2024-11-21 14:46 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201546
|
5.3 |
MEDIUM
Network
|
nec
|
csdj-b_firmware
csdj-h_firmware
csdj-d_firmware
csdj-a_firmware
|
Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain…
|
CWE-276
Incorrect Default Permissions
|
CVE-2021-20653
|
2024-11-21 14:46 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201547
|
7.5 |
HIGH
Network
|
ibm
|
security_verify_information_queue
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communicatio…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2021-20412
|
2024-11-21 14:46 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201548
|
8.1 |
HIGH
Adjacent
|
ibm
|
security_verify_information_queue
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191.
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2021-20411
|
2024-11-21 14:46 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201549
|
5.3 |
MEDIUM
Network
|
ibm
|
security_verify_information_queue
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-20410
|
2024-11-21 14:46 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201550
|
7.5 |
HIGH
Network
|
ibm
|
security_verify_information_queue
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attack…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-20409
|
2024-11-21 14:46 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
