|
220081
|
5.5 |
MEDIUM
Local
|
ibm
|
cloud_private
|
The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-4143
|
2024-11-21 13:43 |
2019-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220082
|
5.3 |
MEDIUM
Network
|
ibm
|
api_connect
|
Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses…
|
CWE-200
Information Exposure
|
CVE-2019-4051
|
2024-11-21 13:43 |
2019-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220083
|
4.3 |
MEDIUM
Network
|
ibm
|
business_process_manager
business_automation_workflow
|
IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client …
|
NVD-CWE-noinfo
|
CVE-2019-4045
|
2024-11-21 13:43 |
2019-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220084
|
7.8 |
HIGH
Local
|
ibm
|
db2
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary …
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-4014
|
2024-11-21 13:43 |
2019-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220085
|
4.4 |
MEDIUM
Local
|
ibm
|
spectrum_protect
|
IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-4093
|
2024-11-21 13:43 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220086
|
6.5 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to con…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-4080
|
2024-11-21 13:43 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220087
|
7.1 |
HIGH
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerabil…
|
CWE-611
XXE
|
CVE-2019-4043
|
2024-11-21 13:43 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220088
|
7.5 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cau…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-4046
|
2024-11-21 13:43 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220089
|
7.5 |
HIGH
Network
|
ibm
|
api_connect
|
IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544.
|
NVD-CWE-noinfo
|
CVE-2019-4052
|
2024-11-21 13:43 |
2019-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220090
|
5.4 |
MEDIUM
Network
|
ibm
|
content_navigator
|
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to …
|
CWE-601
Open Redirect
|
CVE-2019-4035
|
2024-11-21 13:43 |
2019-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
