|
218971
|
4.3 |
MEDIUM
Network
|
ibm
|
resilient_security_orchestration_automation_and_response
|
IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force …
|
NVD-CWE-Other
|
CVE-2019-4579
|
2024-11-21 13:43 |
2020-08-29 |
|
218972
|
4.3 |
MEDIUM
Network
|
ibm
|
resilient_security_orchestration_automation_and_response
|
IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to insufficient input validation. IBM X-Force ID: 165589.
|
CWE-20
Improper Input Validation
|
CVE-2019-4533
|
2024-11-21 13:43 |
2020-08-29 |
|
218973
|
4.3 |
MEDIUM
Network
|
ibm
|
guardium_data_encryption guardium_for_cloud_key_management
|
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// l…
|
CWE-565
Reliance on Cookies without Validation and Integrity Checking
|
CVE-2019-4688
|
2024-11-21 13:43 |
2020-08-27 |
|
218974
|
5.3 |
MEDIUM
Network
|
ibm
|
guardium_data_encryption guardium_for_cloud_key_management
|
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// l…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2019-4686
|
2024-11-21 13:43 |
2020-08-27 |
|
218975
|
4.3 |
MEDIUM
Network
|
ibm
|
maximo_asset_management
|
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences …
|
CWE-22
Path Traversal
|
CVE-2019-4582
|
2024-11-21 13:43 |
2020-08-13 |
|
218976
|
4.3 |
MEDIUM
Network
|
ibm
|
cognos_analytics
|
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privilege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.
|
CWE-269
Improper Privilege Management
|
CVE-2019-4589
|
2024-11-21 13:43 |
2020-08-03 |
|
218977
|
5.3 |
MEDIUM
Network
|
ibm
|
cognos_analytics
|
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748.
|
NVD-CWE-noinfo
|
CVE-2019-4366
|
2024-11-21 13:43 |
2020-08-03 |
|
218978
|
5.4 |
MEDIUM
Network
|
hcltech
|
marketing_campaign
|
"HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious …
|
CWE-79
Cross-site Scripting
|
CVE-2019-4091
|
2024-11-21 13:43 |
2020-07-18 |
|
218979
|
5.4 |
MEDIUM
Network
|
hcltech
|
marketing_campaign
|
"HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field."
|
CWE-79
Cross-site Scripting
|
CVE-2019-4090
|
2024-11-21 13:43 |
2020-07-18 |
|
218980
|
7.8 |
HIGH
Local
|
ibm
|
maximo_asset_management
|
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451.
|
CWE-384
Session Fixation
|
CVE-2019-4591
|
2024-11-21 13:43 |
2020-07-13 |