|
201321
|
9.1 |
CRITICAL
Network
|
ibm
|
cognos_analytics
|
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive infor…
|
CWE-611
XXE
|
CVE-2020-4377
|
2024-11-21 14:32 |
2020-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201322
|
6.3 |
MEDIUM
Network
|
ibm
|
financial_transaction_manager_for_multiplatform
|
IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete in…
|
CWE-89
SQL Injection
|
CVE-2020-4328
|
2024-11-21 14:32 |
2020-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201323
|
5.3 |
MEDIUM
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804.
|
CWE-200
Information Exposure
|
CVE-2020-4186
|
2024-11-21 14:32 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201324
|
7.5 |
HIGH
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-4185
|
2024-11-21 14:32 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201325
|
7.5 |
HIGH
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181.
|
CWE-521
Weak Password Requirements
|
CVE-2020-4574
|
2024-11-21 14:32 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201326
|
5.3 |
MEDIUM
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM X-Force ID: 184180.
|
NVD-CWE-noinfo
|
CVE-2020-4573
|
2024-11-21 14:32 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201327
|
5.3 |
MEDIUM
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-4572
|
2024-11-21 14:32 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201328
|
6.5 |
MEDIUM
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypass…
|
NVD-CWE-noinfo
|
CVE-2020-4569
|
2024-11-21 14:32 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201329
|
9.8 |
CRITICAL
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 184156.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-4567
|
2024-11-21 14:32 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201330
|
8.2 |
HIGH
Network
|
ibm
|
maximo_asset_management
|
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose s…
|
CWE-611
XXE
|
CVE-2020-4463
|
2024-11-21 14:32 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
