VYPR

Vendor CVEs

IBM

All CVEs

8,267 total · sorted by risk
  • CVE-2020-4704MedNov 10, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…

  • CVE-2020-4785MedNov 3, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the…

  • CVE-2019-4563MedOct 29, 2020
    risk 0.35cvss 5.3epss 0.01

    IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to…

  • CVE-2019-4547MedOct 29, 2020
    risk 0.35cvss 5.3epss 0.01

    IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.

  • CVE-2020-4755MedOct 20, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2020-4564MedOct 20, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended…

  • CVE-2020-4395MedOct 14, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358.

  • CVE-2020-4741MedOct 12, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2020-4681MedOct 12, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2020-4680MedOct 12, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2020-4780MedOct 12, 2020
    risk 0.35cvss 5.3epss 0.01

    OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158.

  • CVE-2020-4775MedOct 12, 2020
    risk 0.35cvss 5.4epss 0.01

    A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a…

  • CVE-2020-4774MedOct 12, 2020
    risk 0.35cvss 5.4epss 0.01

    An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal…

  • CVE-2020-4531MedSep 25, 2020
    risk 0.35cvss 5.3epss 0.01

    IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further…

  • CVE-2020-4616MedSep 22, 2020
    risk 0.35cvss 5.3epss 0.02

    IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929.

  • CVE-2020-4615MedSep 22, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…

  • CVE-2020-4708MedSep 16, 2020
    risk 0.35cvss 5.3epss 0.01

    IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header. IBM X-Force ID: 187371.

  • CVE-2020-4530MedSep 15, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…

  • CVE-2020-4578MedSep 10, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2020-4698MedSep 8, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…

  • CVE-2020-4516MedSep 8, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading…

  • CVE-2020-4702MedSep 4, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.…

  • CVE-2020-4546MedSep 2, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2020-4522MedSep 2, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2020-4445MedSep 2, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2012-3341MedSep 1, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the…

  • CVE-2012-3338MedSep 1, 2020
    risk 0.35cvss 5.3epss 0.01

    IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force…

  • CVE-2012-3337MedSep 1, 2020
    risk 0.35cvss 5.3epss 0.02

    IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284.

  • CVE-2020-4172MedAug 27, 2020
    risk 0.35cvss 5.3epss 0.01

    IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408.

  • CVE-2020-4166MedAug 27, 2020
    risk 0.35cvss 5.3epss 0.01

    IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402.

  • CVE-2019-4701MedAug 26, 2020
    risk 0.35cvss 5.3epss 0.01

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936.

  • CVE-2019-4692MedAug 26, 2020
    risk 0.35cvss 5.3epss 0.01

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829.

  • CVE-2019-4691MedAug 26, 2020
    risk 0.35cvss 5.4epss 0.00

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2020-4165MedAug 24, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch…

  • CVE-2020-4542MedAug 4, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2020-4525MedAug 4, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2020-4396MedAug 4, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2019-4366MedAug 3, 2020
    risk 0.35cvss 5.3epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748.

  • CVE-2020-4186MedJul 30, 2020
    risk 0.35cvss 5.3epss 0.01

    IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804.

  • CVE-2020-4645MedJul 29, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2020-4644MedJul 29, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and…

  • CVE-2020-4573MedJul 29, 2020
    risk 0.35cvss 5.3epss 0.01

    IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM X-Force ID: 184180.

  • CVE-2020-4572MedJul 29, 2020
    risk 0.35cvss 5.3epss 0.02

    IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184179.

  • CVE-2020-4318MedJul 28, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the…

  • CVE-2020-4317MedJul 28, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the…

  • CVE-2020-4447MedJul 23, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.…

  • CVE-2019-4748MedJul 16, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2019-4747MedJul 16, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887.

  • CVE-2020-4364MedJul 14, 2020
    risk 0.35cvss 5.4epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2020-4355MedJul 1, 2020
    risk 0.35cvss 5.3epss 0.02

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker…

Page 55 of 166