|
207641
|
7.8 |
HIGH
Local
|
ibm
|
i2_analysts_notebook
|
IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-4549
|
2024-11-21 14:32 |
2020-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207642
|
8.8 |
HIGH
Local
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a…
|
NVD-CWE-noinfo
|
CVE-2020-4534
|
2024-11-21 14:32 |
2020-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207643
|
9.1 |
CRITICAL
Network
|
ibm
|
cognos_analytics
|
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive infor…
|
CWE-611
XXE
|
CVE-2020-4377
|
2024-11-21 14:32 |
2020-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207644
|
6.3 |
MEDIUM
Network
|
ibm
|
financial_transaction_manager_for_multiplatform
|
IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete in…
|
CWE-89
SQL Injection
|
CVE-2020-4328
|
2024-11-21 14:32 |
2020-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207645
|
5.3 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804.
|
CWE-200
Information Exposure
|
CVE-2020-4186
|
2024-11-21 14:32 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207646
|
7.5 |
HIGH
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-4185
|
2024-11-21 14:32 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207647
|
7.5 |
HIGH
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181.
|
CWE-521
Weak Password Requirements
|
CVE-2020-4574
|
2024-11-21 14:32 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207648
|
5.3 |
MEDIUM
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM X-Force ID: 184180.
|
NVD-CWE-noinfo
|
CVE-2020-4573
|
2024-11-21 14:32 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207649
|
5.3 |
MEDIUM
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-4572
|
2024-11-21 14:32 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207650
|
6.5 |
MEDIUM
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypass…
|
NVD-CWE-noinfo
|
CVE-2020-4569
|
2024-11-21 14:32 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
