|
201161
|
8.8 |
HIGH
Network
|
ibm
|
rational_doors_next_generation
rational_quality_manager
collaborative_lifecycle_management
engineering_test_management
rational_engineering_lifecycle_manager
engineering_lifecycle_mana…
|
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST A…
|
NVD-CWE-Other
|
CVE-2020-4495
|
2024-11-21 14:32 |
2021-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201162
|
10.0 |
CRITICAL
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write fi…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2020-4561
|
2024-11-21 14:32 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201163
|
8.8 |
HIGH
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395.
|
CWE-79
Cross-site Scripting
|
CVE-2020-4520
|
2024-11-21 14:32 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201164
|
5.4 |
MEDIUM
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4354
|
2024-11-21 14:32 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201165
|
8.2 |
HIGH
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive info…
|
CWE-611
XXE
|
CVE-2020-4300
|
2024-11-21 14:32 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201166
|
4.3 |
MEDIUM
Network
|
ibm
|
openpages_grc_platform
|
IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in furt…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-4536
|
2024-11-21 14:32 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201167
|
5.4 |
MEDIUM
Network
|
ibm
|
openpages_grc_platform
|
IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potenti…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4535
|
2024-11-21 14:32 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201168
|
9.1 |
CRITICAL
Network
|
fossasia
|
susi.ai
|
SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file…
|
CWE-22
Path Traversal
|
CVE-2020-4039
|
2024-11-21 14:32 |
2021-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201169
|
5.3 |
MEDIUM
Network
|
ibm
|
planning_analytics
|
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames.
|
NVD-CWE-Other
|
CVE-2020-4562
|
2024-11-21 14:32 |
2021-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201170
|
7.3 |
HIGH
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. I…
|
CWE-269
Improper Privilege Management
|
CVE-2020-4184
|
2024-11-21 14:32 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
