|
221181
|
8.8 |
HIGH
Network
|
ibm
|
planning_analytics
|
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM…
|
CWE-352
Origin Validation Error
|
CVE-2019-4613
|
2024-11-21 13:43 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221182
|
9.8 |
CRITICAL
Network
|
ibm
|
security_identity_manager
|
IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external comp…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-4675
|
2024-11-21 13:43 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221183
|
4.9 |
MEDIUM
Network
|
ibm
|
security_identity_manager
|
IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) t…
|
CWE-22
Path Traversal
|
CVE-2019-4674
|
2024-11-21 13:43 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221184
|
5.3 |
MEDIUM
Network
|
ibm
|
security_directory_server
|
IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or br…
|
CWE-200
Information Exposure
|
CVE-2019-4562
|
2024-11-21 13:43 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221185
|
5.3 |
MEDIUM
Network
|
ibm
|
security_directory_server
|
IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-4551
|
2024-11-21 13:43 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221186
|
5.3 |
MEDIUM
Network
|
ibm
|
security_directory_server
|
IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952.
|
NVD-CWE-noinfo
|
CVE-2019-4550
|
2024-11-21 13:43 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221187
|
6.1 |
MEDIUM
Network
|
ibm
|
security_directory_server
|
IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit th…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2019-4548
|
2024-11-21 13:43 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221188
|
7.2 |
HIGH
Network
|
ibm
|
security_directory_server
|
IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity…
|
NVD-CWE-noinfo
|
CVE-2019-4541
|
2024-11-21 13:43 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221189
|
7.5 |
HIGH
Network
|
ibm
|
security_directory_server
|
IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-4540
|
2024-11-21 13:43 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221190
|
5.4 |
MEDIUM
Network
|
ibm
|
security_identity_manager
|
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po…
|
CWE-79
Cross-site Scripting
|
CVE-2019-4451
|
2024-11-21 13:43 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
