|
200591
|
8.2 |
HIGH
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive info…
|
CWE-611
XXE
|
CVE-2020-4300
|
2024-11-21 14:32 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200592
|
4.3 |
MEDIUM
Network
|
ibm
|
openpages_grc_platform
|
IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in furt…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-4536
|
2024-11-21 14:32 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200593
|
5.4 |
MEDIUM
Network
|
ibm
|
openpages_grc_platform
|
IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potenti…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4535
|
2024-11-21 14:32 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200594
|
9.1 |
CRITICAL
Network
|
fossasia
|
susi.ai
|
SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file…
|
CWE-22
Path Traversal
|
CVE-2020-4039
|
2024-11-21 14:32 |
2021-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200595
|
5.3 |
MEDIUM
Network
|
ibm
|
planning_analytics
|
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames.
|
NVD-CWE-Other
|
CVE-2020-4562
|
2024-11-21 14:32 |
2021-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200596
|
7.3 |
HIGH
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. I…
|
CWE-269
Improper Privilege Management
|
CVE-2020-4184
|
2024-11-21 14:32 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200597
|
6.1 |
MEDIUM
Network
|
hcltech
|
digital_experience
|
In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).
|
CWE-79
Cross-site Scripting
|
CVE-2020-4081
|
2024-11-21 14:32 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200598
|
5.4 |
MEDIUM
Network
|
ibm
|
rational_quality_manager
rhapsody_design_manager
rational_engineering_lifecycle_manager
rhapsody_model_manager
engineering_workflow_management
collaborative_lifecycle_management
eng…
|
IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vuln…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-4547
|
2024-11-21 14:32 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200599
|
5.4 |
MEDIUM
Network
|
ibm
|
rational_quality_manager
rhapsody_design_manager
rational_engineering_lifecycle_manager
rhapsody_model_manager
engineering_workflow_management
collaborative_lifecycle_management
eng…
|
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4524
|
2024-11-21 14:32 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200600
|
4.3 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-4189
|
2024-11-21 14:32 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
