|
198041
|
6.3 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to n…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-4294
|
2024-11-21 14:32 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198042
|
5.4 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-ForceID: 175980.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-4274
|
2024-11-21 14:32 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198043
|
8.8 |
HIGH
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specify a malicious file from a remote system, whi…
|
CWE-22
CWE-502
Path Traversal
Deserialization of Untrusted Data
|
CVE-2020-4272
|
2024-11-21 14:32 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198044
|
6.3 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-ForceID: 175897.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-4271
|
2024-11-21 14:32 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198045
|
7.8 |
HIGH
Local
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-ForceID: 175846.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-4270
|
2024-11-21 14:32 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198046
|
7.5 |
HIGH
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external compon…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-4269
|
2024-11-21 14:32 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198047
|
5.4 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4268
|
2024-11-21 14:32 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198048
|
6.5 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attacker to perform unauthorized actions due to improper input validation. IBM X-Force ID: 174201.
|
CWE-20
Improper Input Validation
|
CVE-2020-4151
|
2024-11-21 14:32 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198049
|
8.8 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP conne…
|
NVD-CWE-noinfo
|
CVE-2020-4362
|
2024-11-21 14:32 |
2020-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198050
|
9.8 |
CRITICAL
Network
|
vmware
|
vcenter_server
|
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-3952
|
2024-11-21 14:32 |
2020-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
