Vendor CVEs
IBM
All CVEs
8,259 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-4681 | Med | 0.35 | 5.4 | 0.01 | Oct 12, 2020 | IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:… | ||
| CVE-2020-4680 | Med | 0.35 | 5.4 | 0.01 | Oct 12, 2020 | IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:… | ||
| CVE-2020-4780 | Med | 0.35 | 5.3 | 0.01 | Oct 12, 2020 | OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158. | ||
| CVE-2020-4775 | Med | 0.35 | 5.4 | 0.01 | Oct 12, 2020 | A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a… | ||
| CVE-2020-4774 | Med | 0.35 | 5.4 | 0.01 | Oct 12, 2020 | An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal… | ||
| CVE-2020-4531 | Med | 0.35 | 5.3 | 0.01 | Sep 25, 2020 | IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further… | ||
| CVE-2020-4616 | Med | 0.35 | 5.3 | 0.02 | Sep 22, 2020 | IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929. | ||
| CVE-2020-4615 | Med | 0.35 | 5.4 | 0.01 | Sep 22, 2020 | IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force… | ||
| CVE-2020-4708 | Med | 0.35 | 5.3 | 0.01 | Sep 16, 2020 | IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header. IBM X-Force ID: 187371. | ||
| CVE-2020-4530 | Med | 0.35 | 5.4 | 0.01 | Sep 15, 2020 | IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to… | ||
| CVE-2020-4578 | Med | 0.35 | 5.4 | 0.01 | Sep 10, 2020 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted… | ||
| CVE-2020-4698 | Med | 0.35 | 5.4 | 0.01 | Sep 8, 2020 | IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | ||
| CVE-2020-4516 | Med | 0.35 | 5.4 | 0.01 | Sep 8, 2020 | IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading… | ||
| CVE-2020-4702 | Med | 0.35 | 5.4 | 0.01 | Sep 4, 2020 | IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.… | ||
| CVE-2020-4546 | Med | 0.35 | 5.4 | 0.01 | Sep 2, 2020 | IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM… | ||
| CVE-2020-4522 | Med | 0.35 | 5.4 | 0.01 | Sep 2, 2020 | IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM… | ||
| CVE-2020-4445 | Med | 0.35 | 5.4 | 0.01 | Sep 2, 2020 | IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM… | ||
| CVE-2012-3341 | Med | 0.35 | 5.4 | 0.01 | Sep 1, 2020 | IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the… | ||
| CVE-2012-3338 | Med | 0.35 | 5.3 | 0.01 | Sep 1, 2020 | IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force… | ||
| CVE-2012-3337 | Med | 0.35 | 5.3 | 0.02 | Sep 1, 2020 | IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284. | ||
| CVE-2020-4172 | Med | 0.35 | 5.3 | 0.01 | Aug 27, 2020 | IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408. | ||
| CVE-2020-4166 | Med | 0.35 | 5.3 | 0.01 | Aug 27, 2020 | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402. | ||
| CVE-2019-4701 | Med | 0.35 | 5.3 | 0.01 | Aug 26, 2020 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936. | ||
| CVE-2019-4692 | Med | 0.35 | 5.3 | 0.01 | Aug 26, 2020 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829. | ||
| CVE-2019-4691 | Med | 0.35 | 5.4 | 0.00 | Aug 26, 2020 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted… | ||
| CVE-2020-4165 | Med | 0.35 | 5.4 | 0.01 | Aug 24, 2020 | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch… | ||
| CVE-2020-4542 | Med | 0.35 | 5.4 | 0.01 | Aug 4, 2020 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted… | ||
| CVE-2020-4525 | Med | 0.35 | 5.4 | 0.01 | Aug 4, 2020 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted… | ||
| CVE-2020-4396 | Med | 0.35 | 5.4 | 0.01 | Aug 4, 2020 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted… | ||
| CVE-2019-4366 | Med | 0.35 | 5.3 | 0.01 | Aug 3, 2020 | IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748. | ||
| CVE-2020-4186 | Med | 0.35 | 5.3 | 0.01 | Jul 30, 2020 | IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804. | ||
| CVE-2020-4645 | Med | 0.35 | 5.4 | 0.01 | Jul 29, 2020 | IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted… | ||
| CVE-2020-4644 | Med | 0.35 | 5.4 | 0.01 | Jul 29, 2020 | IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and… | ||
| CVE-2020-4573 | Med | 0.35 | 5.3 | 0.01 | Jul 29, 2020 | IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM X-Force ID: 184180. | ||
| CVE-2020-4572 | Med | 0.35 | 5.3 | 0.02 | Jul 29, 2020 | IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184179. | ||
| CVE-2020-4318 | Med | 0.35 | 5.4 | 0.01 | Jul 28, 2020 | IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the… | ||
| CVE-2020-4317 | Med | 0.35 | 5.4 | 0.01 | Jul 28, 2020 | IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the… | ||
| CVE-2020-4447 | Med | 0.35 | 5.4 | 0.01 | Jul 23, 2020 | IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.… | ||
| CVE-2019-4748 | Med | 0.35 | 5.4 | 0.01 | Jul 16, 2020 | IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM… | ||
| CVE-2019-4747 | Med | 0.35 | 5.4 | 0.01 | Jul 16, 2020 | IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887. | ||
| CVE-2020-4364 | Med | 0.35 | 5.4 | 0.01 | Jul 14, 2020 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:… | ||
| CVE-2020-4355 | Med | 0.35 | 5.3 | 0.02 | Jul 1, 2020 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker… | ||
| CVE-2020-4557 | Med | 0.35 | 5.4 | 0.01 | Jun 29, 2020 | IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | ||
| CVE-2020-4223 | Med | 0.35 | 5.4 | 0.01 | Jun 26, 2020 | IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted… | ||
| CVE-2020-4342 | Med | 0.35 | 5.3 | 0.01 | Jun 24, 2020 | IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. IBM X-Force ID: 178182. | ||
| CVE-2020-4341 | Med | 0.35 | 5.3 | 0.01 | Jun 24, 2020 | IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181. | ||
| CVE-2020-4327 | Med | 0.35 | 5.3 | 0.01 | Jun 24, 2020 | IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599. | ||
| CVE-2020-4188 | Med | 0.35 | 5.3 | 0.01 | Jun 23, 2020 | IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. IBM X-Force ID: 174807. | ||
| CVE-2020-4297 | Med | 0.35 | 5.4 | 0.01 | Jun 19, 2020 | IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure… | ||
| CVE-2020-4295 | Med | 0.35 | 5.4 | 0.01 | Jun 19, 2020 | IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure… |
- risk 0.35cvss 5.4epss 0.01
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
- risk 0.35cvss 5.4epss 0.01
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
- risk 0.35cvss 5.3epss 0.01
OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158.
- risk 0.35cvss 5.4epss 0.01
A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a…
- risk 0.35cvss 5.4epss 0.01
An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal…
- risk 0.35cvss 5.3epss 0.01
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further…
- risk 0.35cvss 5.3epss 0.02
IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929.
- risk 0.35cvss 5.4epss 0.01
IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…
- risk 0.35cvss 5.3epss 0.01
IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header. IBM X-Force ID: 187371.
- risk 0.35cvss 5.4epss 0.01
IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…
- risk 0.35cvss 5.4epss 0.01
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
- risk 0.35cvss 5.4epss 0.01
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…
- risk 0.35cvss 5.4epss 0.01
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading…
- risk 0.35cvss 5.4epss 0.01
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.…
- risk 0.35cvss 5.4epss 0.01
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…
- risk 0.35cvss 5.4epss 0.01
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…
- risk 0.35cvss 5.4epss 0.01
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…
- risk 0.35cvss 5.4epss 0.01
IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the…
- risk 0.35cvss 5.3epss 0.01
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force…
- risk 0.35cvss 5.3epss 0.02
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284.
- risk 0.35cvss 5.3epss 0.01
IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408.
- risk 0.35cvss 5.3epss 0.01
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402.
- risk 0.35cvss 5.3epss 0.01
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936.
- risk 0.35cvss 5.3epss 0.01
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829.
- risk 0.35cvss 5.4epss 0.00
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
- risk 0.35cvss 5.4epss 0.01
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch…
- risk 0.35cvss 5.4epss 0.01
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
- risk 0.35cvss 5.4epss 0.01
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
- risk 0.35cvss 5.4epss 0.01
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
- risk 0.35cvss 5.3epss 0.01
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748.
- risk 0.35cvss 5.3epss 0.01
IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804.
- risk 0.35cvss 5.4epss 0.01
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
- risk 0.35cvss 5.4epss 0.01
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and…
- risk 0.35cvss 5.3epss 0.01
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM X-Force ID: 184180.
- risk 0.35cvss 5.3epss 0.02
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184179.
- risk 0.35cvss 5.4epss 0.01
IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the…
- risk 0.35cvss 5.4epss 0.01
IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the…
- risk 0.35cvss 5.4epss 0.01
IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.…
- risk 0.35cvss 5.4epss 0.01
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…
- risk 0.35cvss 5.4epss 0.01
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887.
- risk 0.35cvss 5.4epss 0.01
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
- risk 0.35cvss 5.3epss 0.02
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker…
- risk 0.35cvss 5.4epss 0.01
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…
- risk 0.35cvss 5.4epss 0.01
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
- risk 0.35cvss 5.3epss 0.01
IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. IBM X-Force ID: 178182.
- risk 0.35cvss 5.3epss 0.01
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181.
- risk 0.35cvss 5.3epss 0.01
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599.
- risk 0.35cvss 5.3epss 0.01
IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. IBM X-Force ID: 174807.
- risk 0.35cvss 5.4epss 0.01
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…
- risk 0.35cvss 5.4epss 0.01
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…
Page 65 of 166