|
219391
|
5.3 |
MEDIUM
Network
|
ibm
|
cloud_private
|
IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145.
|
NVD-CWE-noinfo
|
CVE-2019-4119
|
2024-11-21 13:43 |
2019-05-18 |
|
219392
|
5.5 |
MEDIUM
Local
|
ibm
|
spectrum_scale
|
A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snap…
|
NVD-CWE-noinfo
|
CVE-2019-4259
|
2024-11-21 13:43 |
2019-05-14 |
|
219393
|
5.4 |
MEDIUM
Network
|
ibm
|
business_process_manager business_automation_workflow
|
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu…
|
CWE-79
Cross-site Scripting
|
CVE-2019-4204
|
2024-11-21 13:43 |
2019-05-11 |
|
219394
|
6.3 |
MEDIUM
Network
|
ibm
|
tivoli_storage_productivity_center spectrum_control
|
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the a…
|
CWE-613
Insufficient Session Expiration
|
CVE-2019-4072
|
2024-11-21 13:43 |
2019-05-10 |
|
219395
|
8.8 |
HIGH
Network
|
ibm
|
tivoli_storage_productivity_center spectrum_control
|
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper valid…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2019-4071
|
2024-11-21 13:43 |
2019-05-10 |
|
219396
|
7.1 |
HIGH
Network
|
ibm
|
tririga_application_platform
|
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose …
|
CWE-611
XXE
|
CVE-2019-4208
|
2024-11-21 13:43 |
2019-05-8 |
|
219397
|
3.3 |
LOW
Local
|
ibm
|
tririga_application_platform
|
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148.
|
NVD-CWE-noinfo
|
CVE-2019-4207
|
2024-11-21 13:43 |
2019-05-8 |
|
219398
|
5.4 |
MEDIUM
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering …
|
CWE-79
Cross-site Scripting
|
CVE-2019-4258
|
2024-11-21 13:43 |
2019-05-2 |
|
219399
|
6.1 |
MEDIUM
Network
|
ibm
|
storediq
|
IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploi…
|
CWE-601
Open Redirect
|
CVE-2019-4166
|
2024-11-21 13:43 |
2019-05-1 |
|
219400
|
4.3 |
MEDIUM
Network
|
ibm
|
jazz_reporting_service
|
IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243.
|
CWE-269
Improper Privilege Management
|
CVE-2019-4047
|
2024-11-21 13:43 |
2019-04-30 |