|
196971
|
8.2 |
HIGH
Network
|
ibm
|
cognos_analytics
|
IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. …
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2020-4388
|
2024-11-21 14:32 |
2020-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196972
|
7.8 |
HIGH
Local
|
ibm
|
cognos_analytics
|
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an …
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-4302
|
2024-11-21 14:32 |
2020-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196973
|
8.8 |
HIGH
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-4280
|
2024-11-21 14:32 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196974
|
5.5 |
MEDIUM
Local
|
ibm
|
datapower_gateway
|
IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-F…
|
NVD-CWE-noinfo
|
CVE-2020-4528
|
2024-11-21 14:32 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196975
|
9.8 |
CRITICAL
Network
|
ibm
|
maximo_asset_management
|
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995.
|
NVD-CWE-noinfo
|
CVE-2020-4493
|
2024-11-21 14:32 |
2020-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196976
|
7.5 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force …
|
NVD-CWE-noinfo
|
CVE-2020-4576
|
2024-11-21 14:32 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196977
|
7.8 |
HIGH
Local
|
ibm
|
security_verify_privilege_vault_remote_on-premises
|
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
|
CWE-20
Improper Input Validation
|
CVE-2020-4607
|
2024-11-21 14:32 |
2020-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196978
|
5.3 |
MEDIUM
Network
|
ibm
|
business_process_manager
business_automation_workflow
|
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error …
|
CWE-252
Unchecked Return Value
|
CVE-2020-4531
|
2024-11-21 14:32 |
2020-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196979
|
4.3 |
MEDIUM
Network
|
ibm
|
security_secret_server
|
IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-4340
|
2024-11-21 14:32 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196980
|
4.3 |
MEDIUM
Network
|
ibm
|
security_secret_server
|
IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515.
|
CWE-20
Improper Input Validation
|
CVE-2020-4324
|
2024-11-21 14:32 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
