Search Results (85441 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-4724 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 7.5 High
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.
CVE-2019-4723 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 7.5 High
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.
CVE-2019-4720 1 Ibm 1 Websphere Application Server 2024-11-21 7.5 High
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.
CVE-2019-4715 1 Ibm 1 Spectrum Scale 2024-11-21 8.8 High
IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.
CVE-2019-4713 1 Ibm 2 Guardium Data Encryption, Guardium For Cloud Key Management 2024-11-21 8.8 High
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172084.
CVE-2019-4707 1 Ibm 1 Security Access Manager 2024-11-21 7.1 High
IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.
CVE-2019-4698 1 Ibm 2 Guardium Data Encryption, Guardium For Cloud Key Management 2024-11-21 7.5 High
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929.
CVE-2019-4689 1 Ibm 2 Guardium Data Encryption, Guardium For Cloud Key Management 2024-11-21 7.5 High
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171826.
CVE-2019-4680 1 Ibm 1 Sterling B2b Integrator 2024-11-21 8.8 High
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733.
CVE-2019-4676 1 Ibm 1 Security Identity Manager Virtual Appliance 2024-11-21 7.8 High
IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512.
CVE-2019-4652 2 Ibm, Linux 2 Spectrum Protect Plus, Linux Kernel 2024-11-21 7.1 High
IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963.
CVE-2019-4639 1 Ibm 1 Security Secret Server 2024-11-21 7.5 High
IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 170045.
CVE-2019-4620 1 Ibm 1 Mq Appliance 2024-11-21 7.8 High
IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863.
CVE-2019-4613 1 Ibm 1 Planning Analytics 2024-11-21 8.8 High
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524.
CVE-2019-4612 1 Ibm 1 Planning Analytics 2024-11-21 8.8 High
IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.
CVE-2019-4609 1 Ibm 1 Api Connect 2024-11-21 7.5 High
IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510.
CVE-2019-4606 4 Ibm, Linux, Microsoft and 1 more 4 Db2 High Performance Unload Load, Linux Kernel, Windows and 1 more 2024-11-21 7.8 High
IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298.
CVE-2019-4592 1 Ibm 1 Tivoli Monitoring 2024-11-21 7.5 High
IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647.
CVE-2019-4591 1 Ibm 1 Maximo Asset Management 2024-11-21 7.8 High
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451.
CVE-2019-4588 2 Ibm, Microsoft 2 Db2, Windows 2024-11-21 7.8 High
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks.