|
200361
|
7.5 |
HIGH
Network
|
ibm
|
planning_analytics_local
|
IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-4367
|
2024-11-21 14:32 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200362
|
6.1 |
MEDIUM
Network
|
ibm
|
planning_analytics_local
|
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4366
|
2024-11-21 14:32 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200363
|
5.4 |
MEDIUM
Network
|
ibm
|
planning_analytics_local
|
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4360
|
2024-11-21 14:32 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200364
|
5.4 |
MEDIUM
Network
|
atlassian
|
crucible
fisheye
|
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability throu…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4023
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200365
|
5.4 |
MEDIUM
Network
|
atlassian
|
jira
jira_software_data_center
jira_server
jira_data_center
|
Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4021
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200366
|
7.2 |
HIGH
Network
|
atlassian
|
companion
|
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execut…
|
NVD-CWE-Other
|
CVE-2020-4020
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200367
|
7.8 |
HIGH
Local
|
atlassian
|
companion
|
The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted sear…
|
CWE-426
Untrusted Search Path
|
CVE-2020-4019
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200368
|
8.8 |
HIGH
Network
|
atlassian
|
crucible
fisheye
|
The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability.
|
CWE-352
Origin Validation Error
|
CVE-2020-4018
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200369
|
5.3 |
MEDIUM
Network
|
atlassian
|
crucible
fisheye
|
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configur…
|
NVD-CWE-noinfo
|
CVE-2020-4017
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200370
|
5.3 |
MEDIUM
Network
|
atlassian
|
crucible
fisheye
|
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira applicatio…
|
NVD-CWE-noinfo
|
CVE-2020-4016
|
2024-11-21 14:32 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
