|
201931
|
8.8 |
HIGH
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP req…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-4620
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201932
|
6.5 |
MEDIUM
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-4619
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201933
|
4.9 |
MEDIUM
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. IBM X-Force ID: 184937.
|
CWE-20
Improper Input Validation
|
CVE-2020-4618
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201934
|
8.1 |
HIGH
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website tru…
|
CWE-352
Origin Validation Error
|
CVE-2020-4617
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201935
|
5.3 |
MEDIUM
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929.
|
NVD-CWE-noinfo
|
CVE-2020-4616
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201936
|
5.4 |
MEDIUM
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4615
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201937
|
7.5 |
HIGH
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 184927.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-4614
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201938
|
7.5 |
HIGH
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-4613
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201939
|
6.5 |
MEDIUM
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924.
|
NVD-CWE-noinfo
|
CVE-2020-4612
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201940
|
8.8 |
HIGH
Network
|
ibm
|
data_risk_manager
|
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922.
|
NVD-CWE-noinfo
|
CVE-2020-4611
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
