|
201431
|
4.6 |
MEDIUM
Physics
|
ibm
|
qradar_advisory
|
The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-4408
|
2024-11-21 14:32 |
2020-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201432
|
5.4 |
MEDIUM
Network
|
ibm
|
intelligent_operations_center
intelligent_operations_center_for_emergency_management
water_operations_for_waternamics
|
IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability al…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4318
|
2024-11-21 14:32 |
2020-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201433
|
5.4 |
MEDIUM
Network
|
ibm
|
intelligent_operations_center
intelligent_operations_center_for_emergency_management
water_operations_for_waternamics
|
IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability al…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4317
|
2024-11-21 14:32 |
2020-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201434
|
4.3 |
MEDIUM
Network
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-4405
|
2024-11-21 14:32 |
2020-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201435
|
5.4 |
MEDIUM
Network
|
ibm
|
filenet_content_manager
|
IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4447
|
2024-11-21 14:32 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201436
|
7.5 |
HIGH
Network
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-4400
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201437
|
6.5 |
MEDIUM
Network
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476.
|
NVD-CWE-noinfo
|
CVE-2020-4399
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201438
|
5.9 |
MEDIUM
Network
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-4397
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201439
|
9.8 |
CRITICAL
Network
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-4385
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201440
|
7.8 |
HIGH
Local
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-4372
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
