|
202041
|
8.8 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over th…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-4464
|
2024-11-21 14:32 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202042
|
6.0 |
MEDIUM
Local
|
hcltech
|
bigfix_platform
|
"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the cred…
|
CWE-312
CWE-522
Cleartext Storage of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2020-4095
|
2024-11-21 14:32 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202043
|
8.2 |
HIGH
Network
|
ibm
|
sterling_secure_proxy
sterling_external_authentication_server
|
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) atta…
|
CWE-611
XXE
|
CVE-2020-4462
|
2024-11-21 14:32 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202044
|
4.7 |
MEDIUM
Network
|
ibm
|
rational_publishing_engine
publishing_engine
|
IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to…
|
NVD-CWE-Other
|
CVE-2020-4316
|
2024-11-21 14:32 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202045
|
4.4 |
MEDIUM
Local
|
hcltechsw
|
hcl_verse
|
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application …
|
CWE-913
Improper Control of Dynamically-Managed Code Resources
|
CVE-2020-4100
|
2024-11-21 14:32 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202046
|
6.1 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4513
|
2024-11-21 14:32 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202047
|
7.2 |
HIGH
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands.
|
CWE-78
OS Command
|
CVE-2020-4512
|
2024-11-21 14:32 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202048
|
6.5 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command. IBM X-Force ID: 182366.
|
NVD-CWE-noinfo
|
CVE-2020-4511
|
2024-11-21 14:32 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202049
|
5.5 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information…
|
CWE-611
XXE
|
CVE-2020-4510
|
2024-11-21 14:32 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202050
|
5.4 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4364
|
2024-11-21 14:32 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
