CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1001 CVE-2019-5137 798 2020-02-25 2022-06-13
5.0
None Remote Low Not required Partial None None
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13.
1002 CVE-2019-5136 2020-02-25 2022-06-13
9.0
None Remote Low ??? Complete Complete Complete
An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
1003 CVE-2019-4752 89 Sql 2020-02-20 2020-02-21
6.5
None Remote Low ??? Partial Partial Partial
IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348.
1004 CVE-2019-4745 863 2020-02-24 2020-08-24
4.0
None Remote Low ??? Partial None None
IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883.
1005 CVE-2019-4741 918 2020-02-12 2020-02-14
5.0
None Remote Low Not required Partial None None
IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815.
1006 CVE-2019-4732 426 Exec Code 2020-02-03 2020-02-06
6.9
None Local Medium Not required Complete Complete Complete
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.
1007 CVE-2019-4726 352 CSRF 2020-02-26 2020-03-12
4.3
None Remote Medium Not required None Partial None
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363.
1008 CVE-2019-4703 +Info 2020-02-24 2020-08-24
2.9
None Local Network Medium Not required Partial None None
IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information.
1009 CVE-2019-4675 798 2020-02-04 2020-02-12
7.5
None Remote Low Not required Partial Partial Partial
IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511.
1010 CVE-2019-4674 22 Dir. Trav. 2020-02-04 2020-02-06
4.0
None Remote Low ??? Partial None None
IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510.
1011 CVE-2019-4672 +Info 2020-02-25 2020-08-24
5.0
None Remote Low Not required Partial None None
IBM QRadar Advisor 1.1 through 2.5 could allow an unauthorized attacker to obtain sensitive information from specially crafted HTTP requests that could aid in further attacks against the system. IBM X-Force ID: 171438.
1012 CVE-2019-4670 +Info 2020-02-05 2020-08-24
4.0
None Remote Low ??? Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.
1013 CVE-2019-4669 89 Sql 2020-02-27 2020-02-28
6.5
None Remote Low ??? Partial Partial Partial
IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254.
1014 CVE-2019-4666 +Info 2020-02-13 2020-08-24
2.1
None Local Low Not required Partial None None
IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248.
1015 CVE-2019-4640 20 2020-02-19 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046.
1016 CVE-2019-4616 311 2020-02-05 2020-08-24
2.9
None Local Network Medium Not required Partial None None
IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 168644.
1017 CVE-2019-4613 352 CSRF 2020-02-05 2020-02-06
6.8
None Remote Medium Not required Partial Partial Partial
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524.
1018 CVE-2019-4598 89 Sql 2020-02-26 2020-02-27
6.5
None Remote Low ??? Partial Partial Partial
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167881.
1019 CVE-2019-4597 89 Sql 2020-02-26 2020-02-27
6.5
None Remote Low ??? Partial Partial Partial
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167880.
1020 CVE-2019-4596 79 XSS 2020-02-26 2020-02-27
3.5
None Remote Medium ??? None Partial None
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167879.
1021 CVE-2019-4595 601 +Info 2020-02-24 2020-02-24
5.8
None Remote Medium Not required Partial Partial None
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 167878.
1022 CVE-2019-4592 DoS 2020-02-13 2020-08-24
5.0
None Remote Low Not required None None Partial
IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647.
1023 CVE-2019-4583 209 +Info 2020-02-20 2020-08-24
4.0
None Remote Low ??? Partial None None
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289.
1024 CVE-2019-4562 200 +Info 2020-02-04 2020-02-04
5.0
None Remote Low Not required Partial None None
IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623.
1025 CVE-2019-4557 326 2020-02-25 2020-02-25
5.0
None Remote Low Not required Partial None None
IBM Qradar Advisor 1.1 through 2.5 with Watson uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 166206.
1026 CVE-2019-4551 306 2020-02-04 2020-02-04
5.0
None Remote Low Not required Partial None None
IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953.
1027 CVE-2019-4550 2020-02-04 2020-08-24
5.0
None Remote Low Not required Partial None None
IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952.
1028 CVE-2019-4548 1021 2020-02-04 2020-02-05
4.3
None Remote Medium Not required None Partial None
IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950.
1029 CVE-2019-4541 20 Bypass 2020-02-04 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814.
1030 CVE-2019-4540 327 2020-02-04 2020-02-05
5.0
None Remote Low Not required Partial None None
IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813.
1031 CVE-2019-4537 +Info 2020-02-26 2020-08-24
5.0
None Remote Low Not required Partial None None
IBM WebSphere Service Registry and Repository 8.5 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 165593.
1032 CVE-2019-4457 +Info 2020-02-19 2020-08-24
4.0
None Remote Low ??? Partial None None
IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 163654.
1033 CVE-2019-4451 79 XSS 2020-02-04 2020-02-06
3.5
None Remote Medium ??? None Partial None
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493.
1034 CVE-2019-4431 79 XSS 2020-02-12 2020-02-14
3.5
None Remote Medium ??? None Partial None
IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162888.
1035 CVE-2019-4429 79 XSS 2020-02-19 2020-02-24
3.5
None Remote Medium ??? None Partial None
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.
1036 CVE-2019-4427 327 2020-02-12 2020-02-14
5.0
None Remote Low Not required Partial None None
IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. IBM X-Force ID: 162773.
1037 CVE-2019-4392 798 2020-02-14 2020-02-19
10.0
None Remote Low Not required Complete Complete Complete
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system.
1038 CVE-2019-4301 Exec Code 2020-02-28 2020-08-24
6.0
None Remote Medium ??? Partial Partial Partial
BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML.
1039 CVE-2019-4000 94 Exec Code 2020-02-25 2021-09-08
7.2
None Local Low Not required Complete Complete Complete
Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges.
1040 CVE-2019-3999 78 Exec Code 2020-02-25 2022-01-01
7.2
None Local Low Not required Complete Complete Complete
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
1041 CVE-2019-3998 287 Bypass 2020-02-13 2020-02-25
1.9
None Local Medium Not required None Partial None
Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to modify the Wi-Fi network the base station connects to.
1042 CVE-2019-3698 59 2020-02-28 2021-09-14
6.9
None Local Medium Not required Complete Complete Complete
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.
1043 CVE-2019-3670 79 Exec Code XSS 2020-02-24 2020-02-25
4.3
None Remote Medium Not required None Partial None
Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack.
1044 CVE-2019-2200 276 Bypass 2020-02-13 2020-02-18
6.9
None Local Medium Not required Complete Complete Complete
In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-67319274
1045 CVE-2019-1950 1188 +Priv 2020-02-19 2020-10-19
7.2
None Local Low Not required Complete Complete Complete
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.
1046 CVE-2018-21035 770 DoS 2020-02-28 2020-08-24
5.0
None Remote Low Not required None None Partial
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
1047 CVE-2018-21033 20 2020-02-14 2020-02-27
4.0
None Remote Low ??? None Partial None
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.
1048 CVE-2018-21032 209 2020-02-14 2020-02-27
4.0
None Remote Low ??? Partial None None
A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager.
1049 CVE-2018-16994 2020-02-18 2020-08-24
7.8
None Remote Low Not required None None Complete
An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.
1050 CVE-2018-14705 287 2020-02-24 2020-03-02
10.0
None Remote Low Not required Complete Complete Complete
In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these applications, but also poses severe risks to the confidentiality and integrity of data stored within the applications and the device itself.
Total number of vulnerabilities : 1395   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 (This Page)22 23 24 25 26 27 28
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.