|
219011
|
4.6 |
MEDIUM
Physics
|
ibm
|
maximo_anywhere
|
IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive information to a user with physical access to the device. IBM X-Force ID: 161493.
|
NVD-CWE-noinfo
|
CVE-2019-4351
|
2024-11-21 13:43 |
2022-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219012
|
6.5 |
MEDIUM
Network
|
ibm
|
maximo_anywhere
|
IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. IBM X-Force ID: 160697.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2019-4291
|
2024-11-21 13:43 |
2022-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219013
|
5.4 |
MEDIUM
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot…
|
CWE-79
Cross-site Scripting
|
CVE-2019-4653
|
2024-11-21 13:43 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219014
|
6.5 |
MEDIUM
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote att…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2019-4471
|
2024-11-21 13:43 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219015
|
7.8 |
HIGH
Local
|
ibm
|
db2
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-4588
|
2024-11-21 13:43 |
2021-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219016
|
5.3 |
MEDIUM
Network
|
ibm
|
security_guardium_data_encrpytion
|
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2019-4687
|
2024-11-21 13:43 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219017
|
7.5 |
HIGH
Network
|
ibm
|
security_guardium_data_encrpytion
|
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2019-4160
|
2024-11-21 13:43 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219018
|
3.5 |
LOW
Physics
|
ibm
|
maximo_anywhere
|
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromised the confidentiality and integrity of the servi…
|
CWE-200
Information Exposure
|
CVE-2019-4349
|
2024-11-21 13:43 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219019
|
5.3 |
MEDIUM
Network
|
ibm
|
security_directory_server
|
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or…
|
CWE-384
Session Fixation
|
CVE-2019-4563
|
2024-11-21 13:43 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219020
|
5.3 |
MEDIUM
Network
|
ibm
|
security_directory_server
|
IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2019-4547
|
2024-11-21 13:43 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
