|
220771
|
5.3 |
MEDIUM
Network
|
ibm
|
api_connect
|
Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses…
|
CWE-200
Information Exposure
|
CVE-2019-4051
|
2024-11-21 13:43 |
2019-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220772
|
4.3 |
MEDIUM
Network
|
ibm
|
business_process_manager
business_automation_workflow
|
IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client …
|
NVD-CWE-noinfo
|
CVE-2019-4045
|
2024-11-21 13:43 |
2019-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220773
|
7.8 |
HIGH
Local
|
ibm
|
db2
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary …
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-4014
|
2024-11-21 13:43 |
2019-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220774
|
4.4 |
MEDIUM
Local
|
ibm
|
spectrum_protect
|
IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-4093
|
2024-11-21 13:43 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220775
|
6.5 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to con…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-4080
|
2024-11-21 13:43 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220776
|
7.1 |
HIGH
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerabil…
|
CWE-611
XXE
|
CVE-2019-4043
|
2024-11-21 13:43 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220777
|
7.5 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cau…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-4046
|
2024-11-21 13:43 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220778
|
7.5 |
HIGH
Network
|
ibm
|
api_connect
|
IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544.
|
NVD-CWE-noinfo
|
CVE-2019-4052
|
2024-11-21 13:43 |
2019-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220779
|
5.4 |
MEDIUM
Network
|
ibm
|
content_navigator
|
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to …
|
CWE-601
Open Redirect
|
CVE-2019-4035
|
2024-11-21 13:43 |
2019-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220780
|
7.8 |
HIGH
Local
|
ibm
|
db2
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to …
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-4094
|
2024-11-21 13:43 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
