|
201441
|
3.3 |
LOW
Local
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008.
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-4371
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201442
|
5.5 |
MEDIUM
Local
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-4369
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201443
|
8.1 |
HIGH
Network
|
ibm
|
marketing_operations
|
Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to con…
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2020-4125
|
2024-11-21 14:32 |
2020-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201444
|
5.9 |
MEDIUM
Network
|
ibm
|
planning_analytics
|
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmis…
|
CWE-384
Session Fixation
|
CVE-2020-4527
|
2024-11-21 14:32 |
2020-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201445
|
6.5 |
MEDIUM
Network
|
ibm
|
mq_for_hpe_nonstop
|
IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563.
|
NVD-CWE-noinfo
|
CVE-2020-4466
|
2024-11-21 14:32 |
2020-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201446
|
4.3 |
MEDIUM
Network
|
ibm
|
planning_analytics
|
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766.
|
CWE-200
Information Exposure
|
CVE-2020-4361
|
2024-11-21 14:32 |
2020-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201447
|
5.4 |
MEDIUM
Network
|
hcltech
|
bigfix_webui
|
HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all vers…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4104
|
2024-11-21 14:32 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201448
|
8.8 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over th…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-4464
|
2024-11-21 14:32 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201449
|
6.0 |
MEDIUM
Local
|
hcltech
|
bigfix_platform
|
"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the cred…
|
CWE-312
CWE-522
Cleartext Storage of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2020-4095
|
2024-11-21 14:32 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201450
|
8.2 |
HIGH
Network
|
ibm
|
sterling_secure_proxy
sterling_external_authentication_server
|
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) atta…
|
CWE-611
XXE
|
CVE-2020-4462
|
2024-11-21 14:32 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
