|
196621
|
6.5 |
MEDIUM
Network
|
ibm
|
emptoris_sourcing
|
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987.
|
CWE-20
Improper Input Validation
|
CVE-2020-4896
|
2024-11-21 14:33 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196622
|
5.4 |
MEDIUM
Network
|
ibm
|
emptoris_strategic_supply_management
|
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4895
|
2024-11-21 14:33 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196623
|
5.9 |
MEDIUM
Network
|
ibm
|
emptoris_strategic_supply_management
|
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle metho…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-4893
|
2024-11-21 14:33 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196624
|
5.4 |
MEDIUM
Network
|
ibm
|
emptoris_contract_management
|
IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4892
|
2024-11-21 14:33 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196625
|
9.1 |
CRITICAL
Network
|
ibm
|
api_connect
|
IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Fo…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-4899
|
2024-11-21 14:33 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196626
|
8.8 |
HIGH
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access co…
|
NVD-CWE-Other
|
CVE-2020-4762
|
2024-11-21 14:33 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196627
|
5.3 |
MEDIUM
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical er…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-4761
|
2024-11-21 14:33 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196628
|
7.6 |
HIGH
Physics
|
dell
|
cpg_bios
|
Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2020-5361
|
2024-11-21 14:33 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196629
|
8.8 |
HIGH
Network
|
ibm
|
curam_social_program_management
|
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user th…
|
CWE-352
Origin Validation Error
|
CVE-2020-4942
|
2024-11-21 14:33 |
2021-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196630
|
6.7 |
MEDIUM
Local
|
ibm
|
cloud_pak_system
|
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-4928
|
2024-11-21 14:33 |
2021-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
