Total
339 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5008 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 5.3 Medium |
| IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033. | ||||
| CVE-2020-4906 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 3.3 Low |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system. | ||||
| CVE-2020-4886 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 3.3 Low |
| IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910. | ||||
| CVE-2020-4871 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 5.5 Medium |
| IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834. | ||||
| CVE-2020-4809 | 1 Ibm | 1 Edge Application Manager | 2024-11-21 | 3.3 Low |
| IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633. | ||||
| CVE-2020-4805 | 1 Ibm | 1 Edge Application Manager | 2024-11-21 | 3.3 Low |
| IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539. | ||||
| CVE-2020-4803 | 1 Ibm | 1 Edge Application Manager | 2024-11-21 | 3.3 Low |
| IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535. | ||||
| CVE-2020-4765 | 1 Ibm | 1 Cloud Pak For Multicloud Management | 2024-11-21 | 3.3 Low |
| IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902. | ||||
| CVE-2020-4726 | 1 Ibm | 1 Cloud Application Performance Management | 2024-11-21 | 3.3 Low |
| The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975. | ||||
| CVE-2020-4674 | 1 Ibm | 1 Workload Automation | 2024-11-21 | 4.3 Medium |
| IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287. | ||||
| CVE-2020-4673 | 1 Ibm | 1 Workload Automation | 2024-11-21 | 4.3 Medium |
| IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286. | ||||
| CVE-2020-4650 | 1 Ibm | 1 Maximo Spatial Asset Management | 2024-11-21 | 3.3 Low |
| IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023. | ||||
| CVE-2020-4371 | 1 Ibm | 1 Verify Gateway | 2024-11-21 | 3.3 Low |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008. | ||||
| CVE-2020-4344 | 1 Ibm | 1 Tivoli Business Service Manager | 2024-11-21 | 3.3 Low |
| IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247. | ||||
| CVE-2020-4315 | 1 Ibm | 1 Business Automation Content Analyzer On Cloud | 2024-11-21 | 4.3 Medium |
| IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234. | ||||
| CVE-2020-4197 | 1 Ibm | 1 Tivoli Netcool\/omnibus | 2024-11-21 | 2.4 Low |
| IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174908. | ||||
| CVE-2020-4171 | 1 Ibm | 1 Security Guardium Insights | 2024-11-21 | 4.3 Medium |
| IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407. | ||||
| CVE-2020-29603 | 2 Mantisbt, Microsoft | 2 Mantisbt, Windows | 2024-11-21 | 4.3 Medium |
| In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them. | ||||
| CVE-2020-28911 | 1 Nagios | 1 Fusion | 2024-11-21 | 6.5 Medium |
| Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php. | ||||
| CVE-2020-26176 | 1 Tangro | 1 Business Workflow | 2024-11-21 | 4.3 Medium |
| An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to gather valid attachment IDs for workitems that do not belong to them. | ||||