|
207821
|
6.5 |
MEDIUM
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization. IBM X-Force ID: 175485.
|
CWE-863
Incorrect Authorization
|
CVE-2020-4249
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207822
|
7.1 |
HIGH
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to …
|
CWE-611
XXE
|
CVE-2020-4246
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207823
|
7.5 |
HIGH
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-For…
|
CWE-521
Weak Password Requirements
|
CVE-2020-4245
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207824
|
5.3 |
MEDIUM
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. IBM X-Force ID: 175422.
|
NVD-CWE-noinfo
|
CVE-2020-4244
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207825
|
5.3 |
MEDIUM
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode.…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-4233
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207826
|
7.5 |
HIGH
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the syste…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-4232
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207827
|
6.5 |
MEDIUM
Network
|
ibm
|
security_identity_governance_and_intelligence
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. IBM X-Force ID: 175335.
|
CWE-20
Improper Input Validation
|
CVE-2020-4231
|
2024-11-21 14:32 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207828
|
7.5 |
HIGH
Network
|
ibm
|
spectrum_scale
|
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-4379
|
2024-11-21 14:32 |
2020-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207829
|
4.9 |
MEDIUM
Network
|
ibm
|
spectrum_scale
|
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. IBM X-Force ID: 179157.
|
NVD-CWE-noinfo
|
CVE-2020-4378
|
2024-11-21 14:32 |
2020-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207830
|
5.4 |
MEDIUM
Network
|
ibm
|
spectrum_scale
|
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4358
|
2024-11-21 14:32 |
2020-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
