| 219161 | 4.6 | MEDIUM | Network | ibm | smartcloud_analytics_log_analysis | IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187. | CWE-74 Injection | CVE-2019-4216 | 2024-11-21 13:43 | 2019-11-23 |
| 219162 | 6.1 | MEDIUM | Network | ibm | smartcloud_analytics_log_analysis | IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could e… | CWE-1021 Improper Restriction of Rendered UI Layers or Frames | CVE-2019-4215 | 2024-11-21 13:43 | 2019-11-23 |
| 219163 | 3.7 | LOW | Network | ibm | smartcloud_analytics_log_analysis | IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in th… | CWE-311 Missing Encryption of Sensitive Data; CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2019-4214 | 2024-11-21 13:43 | 2019-11-23 |
| 219164 | 8.8 | HIGH | Network | ibm | security_identity_manager | IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially… | CWE-502 Deserialization of Untrusted Data | CVE-2019-4561 | 2024-11-21 13:43 | 2019-11-21 |
| 219165 | 6.5 | MEDIUM | Network | ibm | maximo_asset_management | IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586. | NVD-CWE-noinfo | CVE-2019-4530 | 2024-11-21 13:43 | 2019-11-21 |
| 219166 | 7.1 | HIGH | Local | ibm | spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform u… | CWE-276 Incorrect Default Permissions | CVE-2019-4652 | 2024-11-21 13:43 | 2019-11-13 |
| 219167 | 6.1 | MEDIUM | Network | ibm | cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot… | CWE-79 Cross-site Scripting | CVE-2019-4645 | 2024-11-21 13:43 | 2019-11-9 |
| 219168 | 6.1 | MEDIUM | Network | ibm | qradar_security_information_and_event_manager | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote… | CWE-79 Cross-site Scripting | CVE-2019-4581 | 2024-11-21 13:43 | 2019-11-9 |
| 219169 | 6.5 | MEDIUM | Network | ibm | qradar_advisor_with_watson | IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integr… | NVD-CWE-noinfo | CVE-2019-4556 | 2024-11-21 13:43 | 2019-11-9 |
| 219170 | 4.3 | MEDIUM | Network | ibm | qradar_security_information_and_event_manager | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430. | CWE-863 Incorrect Authorization | CVE-2019-4509 | 2024-11-21 13:43 | 2019-11-9 |