|
222841
|
4.4 |
MEDIUM
Local
|
ibm
|
cloud_automation_manager
|
IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utili…
|
CWE-384
Session Fixation
|
CVE-2019-4617
|
2024-11-21 13:43 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222842
|
5.4 |
MEDIUM
Network
|
ibm
|
tivoli_workload_scheduler
|
IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote…
|
CWE-79
Cross-site Scripting
|
CVE-2019-4608
|
2024-11-21 13:43 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222843
|
8.4 |
HIGH
Network
|
hcltech
|
self-service_application
|
BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML.
|
NVD-CWE-noinfo
|
CVE-2019-4301
|
2024-11-21 13:43 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222844
|
6.3 |
MEDIUM
Network
|
ibm
|
business_process_manager
business_automation_workflow
|
IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remot…
|
CWE-89
SQL Injection
|
CVE-2019-4669
|
2024-11-21 13:43 |
2020-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222845
|
6.3 |
MEDIUM
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to v…
|
CWE-89
SQL Injection
|
CVE-2019-4598
|
2024-11-21 13:43 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222846
|
6.3 |
MEDIUM
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to v…
|
CWE-89
SQL Injection
|
CVE-2019-4597
|
2024-11-21 13:43 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222847
|
5.4 |
MEDIUM
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alter…
|
CWE-79
Cross-site Scripting
|
CVE-2019-4596
|
2024-11-21 13:43 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222848
|
5.3 |
MEDIUM
Network
|
ibm
|
websphere_service_registry_and_repository
|
IBM WebSphere Service Registry and Repository 8.5 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 165593.
|
NVD-CWE-noinfo
|
CVE-2019-4537
|
2024-11-21 13:43 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222849
|
7.8 |
HIGH
Local
|
druva
|
insync
|
Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privil…
|
CWE-94
Code Injection
|
CVE-2019-4000
|
2024-11-21 13:43 |
2020-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222850
|
7.8 |
HIGH
Local
|
druva
|
insync_client
|
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYS…
|
CWE-78
OS Command
|
CVE-2019-3999
|
2024-11-21 13:43 |
2020-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
