|
201421
|
5.4 |
MEDIUM
Network
|
ibm
|
intelligent_operations_center
intelligent_operations_center_for_emergency_management
water_operations_for_waternamics
|
IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability al…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4317
|
2024-11-21 14:32 |
2020-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201422
|
4.3 |
MEDIUM
Network
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-4405
|
2024-11-21 14:32 |
2020-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201423
|
5.4 |
MEDIUM
Network
|
ibm
|
filenet_content_manager
|
IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4447
|
2024-11-21 14:32 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201424
|
7.5 |
HIGH
Network
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-4400
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201425
|
6.5 |
MEDIUM
Network
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476.
|
NVD-CWE-noinfo
|
CVE-2020-4399
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201426
|
5.9 |
MEDIUM
Network
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-4397
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201427
|
9.8 |
CRITICAL
Network
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-4385
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201428
|
7.8 |
HIGH
Local
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-4372
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201429
|
3.3 |
LOW
Local
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008.
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-4371
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201430
|
5.5 |
MEDIUM
Local
|
ibm
|
verify_gateway
|
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-4369
|
2024-11-21 14:32 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
