|
201641
|
9.8 |
CRITICAL
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially craft…
|
NVD-CWE-noinfo
|
CVE-2020-4427
|
2024-11-21 14:32 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201642
|
4.3 |
MEDIUM
Network
|
ibm
|
business_process_manager
business_automation_workflow
|
IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insuf…
|
CWE-863
Incorrect Authorization
|
CVE-2020-4446
|
2024-11-21 14:32 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201643
|
5.4 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force ID: 180084.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-4421
|
2024-11-21 14:32 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201644
|
5.4 |
MEDIUM
Network
|
ibm
|
infosphere_information_server_on_cloud
infosphere_qualitystage
|
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4384
|
2024-11-21 14:32 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201645
|
5.3 |
MEDIUM
Network
|
hcltech
|
hcl_nomad
|
"If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the settin…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-4092
|
2024-11-21 14:32 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201646
|
5.4 |
MEDIUM
Network
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequen…
|
CWE-22
Path Traversal
|
CVE-2020-4209
|
2024-11-21 14:32 |
2020-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201647
|
9.3 |
CRITICAL
Network
|
vmware
|
esxi
|
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluat…
|
CWE-79
Cross-site Scripting
|
CVE-2020-3955
|
2024-11-21 14:32 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201648
|
4.3 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter ch…
|
NVD-CWE-noinfo
|
CVE-2020-4329
|
2024-11-21 14:32 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201649
|
6.5 |
MEDIUM
Network
|
ibm
|
mq
mq_appliance
|
IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-4267
|
2024-11-21 14:32 |
2020-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201650
|
9.8 |
CRITICAL
Network
|
ibm
|
spectrum_protect
|
IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system …
|
CWE-20
CWE-787
Improper Input Validation
Out-of-bounds Write
|
CVE-2020-4415
|
2024-11-21 14:32 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
