|
200051
|
9.1 |
CRITICAL
Network
|
fossasia
|
susi.ai
|
SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file…
|
CWE-22
Path Traversal
|
CVE-2020-4039
|
2024-11-21 14:32 |
2021-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200052
|
5.3 |
MEDIUM
Network
|
ibm
|
planning_analytics
|
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames.
|
NVD-CWE-Other
|
CVE-2020-4562
|
2024-11-21 14:32 |
2021-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200053
|
7.3 |
HIGH
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. I…
|
CWE-269
Improper Privilege Management
|
CVE-2020-4184
|
2024-11-21 14:32 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200054
|
6.1 |
MEDIUM
Network
|
hcltech
|
digital_experience
|
In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).
|
CWE-79
Cross-site Scripting
|
CVE-2020-4081
|
2024-11-21 14:32 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200055
|
5.4 |
MEDIUM
Network
|
ibm
|
rational_quality_manager
rhapsody_design_manager
rational_engineering_lifecycle_manager
rhapsody_model_manager
engineering_workflow_management
collaborative_lifecycle_management
eng…
|
IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vuln…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-4547
|
2024-11-21 14:32 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200056
|
5.4 |
MEDIUM
Network
|
ibm
|
rational_quality_manager
rhapsody_design_manager
rational_engineering_lifecycle_manager
rhapsody_model_manager
engineering_workflow_management
collaborative_lifecycle_management
eng…
|
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4524
|
2024-11-21 14:32 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200057
|
4.3 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-4189
|
2024-11-21 14:32 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200058
|
4.4 |
MEDIUM
Local
|
ibm
|
security_guardium_insights
|
IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-4604
|
2024-11-21 14:32 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200059
|
4.4 |
MEDIUM
Local
|
ibm
|
security_guardium_insights
|
IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-4602
|
2024-11-21 14:32 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200060
|
5.3 |
MEDIUM
Network
|
ibm
|
security_guardium_insights
|
IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used i…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-4600
|
2024-11-21 14:32 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
