|
197231
|
7.8 |
HIGH
Local
|
ibm
netapp
|
db2
oncommand_insight
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a loca…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-5025
|
2024-11-21 14:33 |
2021-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197232
|
7.5 |
HIGH
Network
|
ibm
netapp
|
db2
oncommand_insight
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake …
|
NVD-CWE-noinfo
|
CVE-2020-5024
|
2024-11-21 14:33 |
2021-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197233
|
4.4 |
MEDIUM
Local
|
ibm
netapp
|
db2
oncommand_insight
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force I…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-4976
|
2024-11-21 14:33 |
2021-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197234
|
6.5 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present…
|
CWE-22
Path Traversal
|
CVE-2020-5016
|
2024-11-21 14:33 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197235
|
5.5 |
MEDIUM
Local
|
ibm
|
spss_modeler
|
A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write arbitrary file in another protected path during product installation…
|
CWE-59
Link Following
|
CVE-2020-4717
|
2024-11-21 14:33 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197236
|
6.7 |
MEDIUM
Local
|
ibm
|
datapower_gateway
|
IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-5014
|
2024-11-21 14:33 |
2021-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197237
|
6.5 |
MEDIUM
Network
|
ibm
|
api_connect
|
IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.
|
NVD-CWE-noinfo
|
CVE-2020-4903
|
2024-11-21 14:33 |
2021-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197238
|
7.5 |
HIGH
Network
|
ibm
|
api_connect
|
IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data lea…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-4695
|
2024-11-21 14:33 |
2021-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197239
|
8.2 |
HIGH
Network
|
sonicwall
|
directory_services_connector
|
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privilege…
|
CWE-287
Improper Authentication
|
CVE-2020-5148
|
2024-11-21 14:33 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197240
|
5.4 |
MEDIUM
Network
|
ibm
|
rational_quality_manager
rational_team_concert
rational_doors_next_generation
doors_next
engineering_workflow_management
engineering_test_management
engineering_lifecycle_management…
|
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially …
|
CWE-79
Cross-site Scripting
|
CVE-2020-4975
|
2024-11-21 14:33 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
