Filtered by vendor Ibm
Subscribe
Total
7009 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4242 | 1 Ibm | 2 Spectrum Protect Plus, Spectrum Scale | 2020-03-31 | 9.0 HIGH | 8.8 HIGH |
| IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419. | |||||
| CVE-2020-4241 | 1 Ibm | 2 Spectrum Protect Plus, Spectrum Scale | 2020-03-31 | 9.0 HIGH | 8.8 HIGH |
| IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418. | |||||
| CVE-2020-4214 | 1 Ibm | 1 Spectrum Protect Plus | 2020-03-31 | 6.4 MEDIUM | 7.5 HIGH |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026. | |||||
| CVE-2020-4240 | 1 Ibm | 1 Spectrum Protect Plus | 2020-03-31 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417. | |||||
| CVE-2020-4235 | 1 Ibm | 1 Tivoli Netcool\/impact | 2020-03-31 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175408. | |||||
| CVE-2020-4237 | 1 Ibm | 1 Tivoli Netcool\/impact | 2020-03-31 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175410. | |||||
| CVE-2020-4238 | 1 Ibm | 1 Tivoli Netcool\/impact | 2020-03-31 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175411. | |||||
| CVE-2019-4681 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Tivoli Netcool\/impact, Linux Kernel and 2 more | 2020-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171734. | |||||
| CVE-2020-4253 | 1 Ibm | 1 Content Navigator | 2020-03-24 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559. | |||||
| CVE-2020-4309 | 1 Ibm | 1 Content Navigator | 2020-03-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080. | |||||
| CVE-2019-4718 | 1 Ibm | 1 Jazz For Service Management | 2020-03-24 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172123. | |||||
| CVE-2019-4617 | 2 Ibm, Linux | 2 Cloud Automation Manager, Linux Kernel | 2020-03-20 | 3.6 LOW | 4.4 MEDIUM |
| IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 168645. | |||||
| CVE-2020-4205 | 1 Ibm | 1 Datapower Gateway | 2020-03-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revolked. IBM X-Force ID: 174961. | |||||
| CVE-2020-4199 | 1 Ibm | 1 Tivoli Netcool\/omnibus | 2020-03-19 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910. | |||||
| CVE-2019-4555 | 1 Ibm | 1 Cognos Analytics | 2020-03-17 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166204. | |||||
| CVE-2019-4726 | 1 Ibm | 1 Sterling B2b Integrator | 2020-03-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363. | |||||
| CVE-2020-4162 | 1 Ibm | 1 Infosphere Information Server | 2020-03-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174342. | |||||
| CVE-2020-4217 | 1 Ibm | 1 Spectrum Scale | 2020-03-09 | 5.0 MEDIUM | 7.5 HIGH |
| The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067. | |||||
| CVE-2012-6277 | 3 Hp, Ibm, Symantec | 7 Autonomy Keyview Idol, Domino, Notes and 4 more | 2020-03-04 | 9.3 HIGH | 7.8 HIGH |
| Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code." | |||||
| CVE-2012-0718 | 1 Ibm | 1 Tivoli Endpoint Manager | 2020-03-04 | 5.8 MEDIUM | 5.4 MEDIUM |
| IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies. | |||||