|
201331
|
5.4 |
MEDIUM
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4615
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201332
|
7.5 |
HIGH
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 184927.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-4614
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201333
|
7.5 |
HIGH
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-4613
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201334
|
6.5 |
MEDIUM
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924.
|
NVD-CWE-noinfo
|
CVE-2020-4612
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201335
|
8.8 |
HIGH
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922.
|
NVD-CWE-noinfo
|
CVE-2020-4611
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201336
|
6.5 |
MEDIUM
Network
|
vmware
|
horizon_daas
|
VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-3977
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201337
|
6.5 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticat…
|
NVD-CWE-noinfo
|
CVE-2020-4590
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201338
|
7.5 |
HIGH
Network
|
ibm
|
datapower_gateway
|
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441.
|
NVD-CWE-noinfo
|
CVE-2020-4581
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201339
|
7.5 |
HIGH
Network
|
ibm
|
datapower_gateway
|
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: …
|
NVD-CWE-noinfo
|
CVE-2020-4580
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201340
|
7.5 |
HIGH
Network
|
ibm
|
datapower_gateway
|
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: …
|
NVD-CWE-noinfo
|
CVE-2020-4579
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
