|
219431
|
5.3 |
MEDIUM
Network
|
ibm
|
tivoli_netcool\/impact
|
IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 166720.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2019-4570
|
2024-11-21 13:43 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219432
|
5.4 |
MEDIUM
Network
|
ibm
|
tivoli_netcool\/impact
|
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f…
|
CWE-79
Cross-site Scripting
|
CVE-2019-4569
|
2024-11-21 13:43 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219433
|
4.4 |
MEDIUM
Local
|
ibm
|
smartcloud_analytics_log_analysis
|
IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. IBM X-F…
|
NVD-CWE-noinfo
|
CVE-2019-4243
|
2024-11-21 13:43 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219434
|
4.6 |
MEDIUM
Network
|
ibm
|
smartcloud_analytics_log_analysis
|
IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187.
|
CWE-74
Injection
|
CVE-2019-4216
|
2024-11-21 13:43 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219435
|
6.1 |
MEDIUM
Network
|
ibm
|
smartcloud_analytics_log_analysis
|
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could e…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2019-4215
|
2024-11-21 13:43 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219436
|
3.7 |
LOW
Network
|
ibm
|
smartcloud_analytics_log_analysis
|
IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in th…
|
CWE-311
CWE-732
Missing Encryption of Sensitive Data
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-4214
|
2024-11-21 13:43 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219437
|
8.8 |
HIGH
Network
|
ibm
|
security_identity_manager
|
IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-4561
|
2024-11-21 13:43 |
2019-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219438
|
6.5 |
MEDIUM
Network
|
ibm
|
maximo_asset_management
|
IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586.
|
NVD-CWE-noinfo
|
CVE-2019-4530
|
2024-11-21 13:43 |
2019-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219439
|
7.1 |
HIGH
Local
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform u…
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-4652
|
2024-11-21 13:43 |
2019-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219440
|
6.1 |
MEDIUM
Network
|
ibm
|
cognos_analytics
|
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot…
|
CWE-79
Cross-site Scripting
|
CVE-2019-4645
|
2024-11-21 13:43 |
2019-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
