|
200831
|
4.4 |
MEDIUM
Local
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657.
|
CWE-384
Session Fixation
|
CVE-2020-5021
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200832
|
6.1 |
MEDIUM
Network
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker coul…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-5020
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200833
|
6.5 |
MEDIUM
Network
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remo…
|
CWE-74
Injection
|
CVE-2020-5019
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200834
|
7.5 |
HIGH
Network
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-5018
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200835
|
5.5 |
MEDIUM
Local
|
ibm
|
spectrum_protect
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653.
|
NVD-CWE-noinfo
|
CVE-2020-5017
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200836
|
4.3 |
MEDIUM
Network
|
ibm
|
engineering_requirements_quality_assistant_on-premises
|
IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282.
|
CWE-20
Improper Input Validation
|
CVE-2020-4667
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200837
|
5.4 |
MEDIUM
Network
|
ibm
|
engineering_requirements_quality_assistant_on-premises
|
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4666
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200838
|
5.4 |
MEDIUM
Network
|
ibm
|
engineering_requirements_quality_assistant_on-premises
|
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4664
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200839
|
5.4 |
MEDIUM
Network
|
ibm
|
engineering_requirements_quality_assistant_on-premises
|
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4663
|
2024-11-21 14:33 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200840
|
7.5 |
HIGH
Network
|
ibm
|
emptoris_strategic_supply_management
|
IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-4898
|
2024-11-21 14:33 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
