CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities (CVSS score between 6 and 6.99)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|--------|--------|---------------|-----------------------|--------------|-------------|-------|---------------------|--------|------------|----------------|-------|--------|--------|-------------|
| 3251 | CVE-2020-4917 | 352 | | CSRF | 2021-01-04 | 2021-01-05 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391. |
| 3252 | CVE-2020-4912 | 269 | | | 2021-01-04 | 2021-01-05 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287. |
| 3253 | CVE-2020-4903 | | | +Info | 2021-03-08 | 2021-03-12 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105. |
| 3254 | CVE-2020-4901 | | | DoS +Info | 2021-05-07 | 2021-05-11 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992. |
| 3255 | CVE-2020-4899 | 319 | | +Info | 2021-01-05 | 2021-01-07 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990. |
| 3256 | CVE-2020-4896 | 444 | | | 2021-01-07 | 2021-01-13 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987. |
| 3257 | CVE-2020-4828 | 20 | | | 2021-02-04 | 2021-02-04 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842. |
| 3258 | CVE-2020-4795 | 200 | | +Info | 2021-02-09 | 2021-02-11 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446. |
| 3259 | CVE-2020-4762 | | | | 2021-01-05 | 2021-01-08 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access controls. IBM X-Force ID: 188896. |
| 3260 | CVE-2020-4739 | 426 | | Exec Code | 2020-11-20 | 2020-12-03 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability in the Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149. |
| 3261 | CVE-2020-4703 | 434 | | Exec Code | 2020-09-15 | 2020-09-16 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be used to execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188. |
| 3262 | CVE-2020-4700 | | | | 2020-11-16 | 2020-11-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077. |
| 3263 | CVE-2020-4685 | 269 | | +Priv | 2020-11-11 | 2020-11-20 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625. |
| 3264 | CVE-2020-4670 | 287 | | Bypass | 2021-05-17 | 2021-05-24 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401. |
| 3265 | CVE-2020-4669 | 862 | | | 2021-05-17 | 2021-05-24 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600. |
| 3266 | CVE-2020-4662 | 287 | | | 2020-08-14 | 2020-08-14 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks on a schema due to improper authentication validation. IBM X-Force ID: 186233. |
| 3267 | CVE-2020-4655 | 89 | | Sql | 2020-11-16 | 2020-11-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091. |
| 3268 | CVE-2020-4647 | 89 | | Sql | 2020-11-16 | 2020-11-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. |
| 3269 | CVE-2020-4638 | 269 | | | 2020-09-03 | 2020-09-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508. |
| 3270 | CVE-2020-4636 | 77 | | | 2020-10-16 | 2020-10-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503. |
| 3271 | CVE-2020-4621 | 863 | | | 2020-09-22 | 2020-09-22 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981. |
| 3272 | CVE-2020-4611 | 732 | | Bypass | 2020-09-22 | 2020-09-22 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922. |
| 3273 | CVE-2020-4603 | 269 | | | 2020-08-27 | 2020-08-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880. |
| 3274 | CVE-2020-4588 | 434 | | Exec Code | 2020-10-30 | 2020-11-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim, could result in code execution. IBM X-Force ID: 184579. |
| 3275 | CVE-2020-4569 | 668 | | Bypass | 2020-07-29 | 2020-07-29 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 184158. |
| 3276 | CVE-2020-4554 | 119 | | Exec Code Overflow Mem. Corr. | 2020-08-03 | 2020-08-03 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183322. |
| 3277 | CVE-2020-4553 | 119 | | Exec Code Overflow Mem. Corr. | 2020-08-03 | 2020-08-03 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183321. |
| 3278 | CVE-2020-4552 | 119 | | Exec Code Overflow Mem. Corr. | 2020-08-03 | 2020-08-03 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183320. |
| 3279 | CVE-2020-4551 | 119 | | Exec Code Overflow Mem. Corr. | 2020-08-03 | 2020-08-03 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183319. |
| 3280 | CVE-2020-4550 | 119 | | Exec Code Overflow Mem. Corr. | 2020-08-03 | 2020-08-03 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183318. |
| 3281 | CVE-2020-4549 | 119 | | Exec Code Overflow Mem. Corr. | 2020-08-03 | 2020-08-03 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183317. |
| 3282 | CVE-2020-4529 | 918 | | | 2020-06-08 | 2020-06-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713. |
| 3283 | CVE-2020-4520 | 94 | | Exec Code | 2021-06-01 | 2021-06-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that, when viewed by the authenticated victim, would execute the code. IBM X-Force ID: 182395. |
| 3284 | CVE-2020-4512 | 78 | | Exec Code | 2020-07-14 | 2020-07-14 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands. |
| 3285 | CVE-2020-4481 | 776 | | | 2020-08-05 | 2020-08-11 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848. |
| 3286 | CVE-2020-4471 | 20 | | DoS | 2020-06-15 | 2020-06-17 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by sending a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726. |
| 3287 | CVE-2020-4470 | 434 | | Exec Code | 2020-06-15 | 2020-06-17 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be used to execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725. |
| 3288 | CVE-2020-4463 | 611 | | | 2020-07-29 | 2020-07-30 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484. |
| 3289 | CVE-2020-4462 | 611 | | | 2020-07-16 | 2020-07-22 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482. |
| 3290 | CVE-2020-4436 | 120 | | Exec Code Overflow | 2020-06-10 | 2020-06-15 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID: 180902. |
| 3291 | CVE-2020-4435 | 119 | | Exec Code Overflow Mem. Corr. | 2020-06-10 | 2020-06-15 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901. |
| 3292 | CVE-2020-4434 | 120 | | Exec Code Overflow | 2020-06-10 | 2020-06-15 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900. |
| 3293 | CVE-2020-4432 | 74 | | Exec Code | 2020-06-10 | 2020-06-15 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810. |
| 3294 | CVE-2020-4388 | 755 | | DoS | 2020-10-12 | 2020-10-14 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet; the debug information this exposes could also be used in future attacks. IBM X-Force ID: 179270. |
| 3295 | CVE-2020-4377 | 776 | | | 2020-08-03 | 2020-08-03 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156. |
| 3296 | CVE-2020-4362 | 269 | | | 2020-04-10 | 2020-04-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. |
| 3297 | CVE-2020-4328 | 89 | | Sql | 2020-08-03 | 2020-08-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839. |
| 3298 | CVE-2020-4311 | 732 | | Exec Code | 2020-04-23 | 2020-04-28 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083. |
| 3299 | CVE-2020-4300 | 611 | | | 2021-06-01 | 2021-06-04 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607. |
| 3300 | CVE-2020-4294 | 918 | | | 2020-04-15 | 2020-04-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 176404. |