| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
601 |
CVE-2020-4429 |
798 |
|
Exec Code |
2020-05-07 |
2020-05-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534. |
|
602 |
CVE-2020-4428 |
78 |
|
Exec Code |
2020-05-07 |
2020-05-08 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. |
|
603 |
CVE-2020-4427 |
287 |
|
Bypass |
2020-05-07 |
2020-05-08 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532. |
|
604 |
CVE-2020-4422 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-05-14 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 180167. |
|
605 |
CVE-2020-4421 |
287 |
|
|
2020-05-06 |
2021-07-21 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force ID: 180084. |
|
606 |
CVE-2020-4419 |
79 |
|
XSS |
2020-05-28 |
2020-05-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180071. |
|
607 |
CVE-2020-4412 |
|
|
DoS |
2020-05-19 |
2020-05-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987. |
|
608 |
CVE-2020-4411 |
20 |
|
DoS |
2020-05-19 |
2020-05-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986. |
|
609 |
CVE-2020-4384 |
79 |
|
XSS |
2020-05-06 |
2020-05-08 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179265. |
|
610 |
CVE-2020-4379 |
327 |
|
|
2020-05-27 |
2020-05-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158. |
|
611 |
CVE-2020-4378 |
|
|
|
2020-05-27 |
2020-05-27 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. IBM X-Force ID: 179157. |
|
612 |
CVE-2020-4365 |
918 |
|
|
2020-05-14 |
2020-05-15 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. |
|
613 |
CVE-2020-4358 |
79 |
|
XSS |
2020-05-27 |
2020-05-27 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762. |
|
614 |
CVE-2020-4357 |
200 |
|
+Info |
2020-05-27 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761. |
|
615 |
CVE-2020-4352 |
269 |
|
|
2020-05-29 |
2021-07-21 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427. |
|
616 |
CVE-2020-4350 |
327 |
|
|
2020-05-27 |
2020-05-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424. |
|
617 |
CVE-2020-4349 |
327 |
|
|
2020-05-27 |
2020-05-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423. |
|
618 |
CVE-2020-4348 |
863 |
|
|
2020-05-27 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414 |
|
619 |
CVE-2020-4346 |
200 |
|
+Info |
2020-05-12 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322. |
|
620 |
CVE-2020-4343 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-05-14 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 178244. |
|
621 |
CVE-2020-4312 |
200 |
|
+Info |
2020-05-13 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089. |
|
622 |
CVE-2020-4306 |
79 |
|
XSS |
2020-05-29 |
2020-05-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735. |
|
623 |
CVE-2020-4299 |
200 |
|
+Info |
2020-05-14 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606. |
|
624 |
CVE-2020-4298 |
79 |
|
XSS |
2020-05-19 |
2020-05-19 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176475. |
|
625 |
CVE-2020-4288 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-05-14 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176270. |
|
626 |
CVE-2020-4287 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-05-14 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176269. |
|
627 |
CVE-2020-4286 |
352 |
|
CSRF |
2020-05-19 |
2020-05-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268. |
|
628 |
CVE-2020-4285 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-05-14 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176266 |
|
629 |
CVE-2020-4266 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-05-14 |
2021-07-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175649. |
|
630 |
CVE-2020-4265 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-05-14 |
2021-07-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175648. |
|
631 |
CVE-2020-4264 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-05-14 |
2021-07-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175647. |
|
632 |
CVE-2020-4263 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-05-14 |
2021-07-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175646. |
|
633 |
CVE-2020-4262 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-05-14 |
2021-07-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175645. |
|
634 |
CVE-2020-4261 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-05-14 |
2021-07-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175644. |
|
635 |
CVE-2020-4259 |
276 |
|
|
2020-05-14 |
2020-05-15 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638. |
|
636 |
CVE-2020-4258 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-05-14 |
2021-07-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175637. |
|
637 |
CVE-2020-4257 |
119 |
|
Exec Code Overflow Mem. Corr. |
2020-05-14 |
2021-07-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175635. |
|
638 |
CVE-2020-4249 |
200 |
|
+Info |
2020-05-28 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization. IBM X-Force ID: 175485. |
|
639 |
CVE-2020-4248 |
200 |
|
+Info |
2020-05-28 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484. |
|
640 |
CVE-2020-4246 |
611 |
|
|
2020-05-28 |
2020-05-28 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
None |
Partial |
|
IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 175481. |
|
641 |
CVE-2020-4245 |
521 |
|
|
2020-05-28 |
2020-05-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423. |
|
642 |
CVE-2020-4244 |
200 |
|
+Info |
2020-05-28 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. IBM X-Force ID: 175422. |
|
643 |
CVE-2020-4233 |
200 |
|
+Info |
2020-05-28 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 175360. |
|
644 |
CVE-2020-4232 |
522 |
|
|
2020-05-28 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. IBM X-Force ID: 175336. |
|
645 |
CVE-2020-4231 |
20 |
|
|
2020-05-28 |
2020-05-28 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. IBM X-Force ID: 175335. |
|
646 |
CVE-2020-4226 |
200 |
|
+Info |
2020-05-27 |
2020-05-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207. |
|
647 |
CVE-2020-4209 |
22 |
|
Dir. Trav. |
2020-05-04 |
2020-05-08 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019. |
|
648 |
CVE-2020-4195 |
1021 |
|
|
2020-05-12 |
2020-05-12 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174859. |
|
649 |
CVE-2020-4092 |
319 |
|
|
2020-05-06 |
2020-05-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
"If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server. This can potentially expose sensitive information including but not limited to server names, user IDs and document content." |
|
650 |
CVE-2020-3957 |
367 |
|
|
2020-05-29 |
2021-09-08 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed. |
