ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2020-4000 | The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allo... | | |
CVE-2020-4001 | The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash A... | | |
CVE-2020-4002 | The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 hand... | | |
CVE-2020-4003 | VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 w... | | |
CVE-2020-4004 | VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-2020... | S | |
CVE-2020-4005 | VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-2020... | S | |
CVE-2020-4006 | VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector addr... | KEV | |
CVE-2020-4008 | The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain fil... | | |
CVE-2020-4013 | The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers t... | | |
CVE-2020-4014 | The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows r... | | |
CVE-2020-4015 | The /json/fe/activeUserFinder.do resource in Atlassian Fisheye and Crucible before version 4.8.1 all... | | |
CVE-2020-4016 | The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye an... | | |
CVE-2020-4017 | The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fish... | | |
CVE-2020-4018 | The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers t... | | |
CVE-2020-4019 | The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local atta... | | |
CVE-2020-4020 | The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote... | | |
CVE-2020-4021 | Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data C... | | |
CVE-2020-4022 | The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6... | | |
CVE-2020-4023 | The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote at... | | |
CVE-2020-4024 | The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6... | | |
CVE-2020-4025 | The attachment download resource in Atlassian Jira Server and Data Center The attachment download re... | | |
CVE-2020-4026 | The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from ve... | | |
CVE-2020-4027 | Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with syste... | S | |
CVE-2020-4028 | Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthe... | | |
CVE-2020-4029 | The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center befor... | | |
CVE-2020-4030 | OOB read in `TrioParse` in FreeRDP | S | |
CVE-2020-4031 | Use-After-Free in gdi_SelectObject in FreeRDP | S | |
CVE-2020-4032 | Integer casting vulnerability in `update_recv_secondary_order` in FreeRDP | S | |
CVE-2020-4033 | OOB Read in RLEDECOMPRESS in FreeRDP | S | |
CVE-2020-4035 | DoS or local data modification via malicious record IDs in WatermelonDB | S | |
CVE-2020-4037 | Open Redirect in OAuth2 Proxy | S | |
CVE-2020-4038 | Reflected XSS in GraphQL Playground | S | |
CVE-2020-4039 | Directory Traversal Vulnerability in SUSI.AI Server | S | |
CVE-2020-4040 | CSRF issue on preview pages in Bolt CMS | E S | |
CVE-2020-4041 | The filename of uploaded files vulnerable to stored XSS in Bolt CMS | E S | |
CVE-2020-4042 | Authentication bypass in Bareos | M | |
CVE-2020-4043 | Phar unserialization vulnerability in phpMussel | S | |
CVE-2020-4044 | Local users can perform a buffer overflow attack against the xrdp-sesman service and then impersonate it | S | |
CVE-2020-4045 | Information disclosure in SSB-DB | S | |
CVE-2020-4046 | Authenticated XSS through embed block in WordPress | | |
CVE-2020-4047 | Authenticated XSS via media attachment page in WordPress | S | |
CVE-2020-4048 | Open redirect in wp_validate_redirect() in WordPress | S | |
CVE-2020-4049 | Authenticated self-XSS via theme uploads in WordPress | S | |
CVE-2020-4050 | set-screen-option filter misuse by plugins leading to privilege escalation in WordPress | S | |
CVE-2020-4051 | XSS in Dijit Editor's LinkDialog plugin | S | |
CVE-2020-4052 | Stored XSS through template injection in Wiki.js | S | |
CVE-2020-4053 | Path Traversal in Helm Plugin Archive | S | |
CVE-2020-4054 | Cross-site Scripting in Sanitize | S | |
CVE-2020-4059 | Command Injection in mversion | S | |
CVE-2020-4060 | Use After Free in cups_update_info in LoRa Basics Station | M | |
CVE-2020-4061 | Cross-site Scripting in October: Potential self-XSS when pasting content from malicious websites | E S | |
CVE-2020-4062 | Improper Access Control in Conjur OSS Helm Chart | S | |
CVE-2020-4066 | Command Injection in Limdu trainBatch function | | |
CVE-2020-4067 | Improper Initialization in coturn | | |
CVE-2020-4068 | Heap-based Buffer Overflow in APNSwift | S | |
CVE-2020-4070 | Cross-site Scripting in CSS Validator | S | |
CVE-2020-4071 | Timing attack on django-basic-auth-ip-whitelist | | |
CVE-2020-4072 | Log Forging in generator-jhipster-kotlin | S | |
CVE-2020-4074 | Improper Authentication | S | |
CVE-2020-4075 | Arbitrary file read via window-open IPC in Electron | | |
CVE-2020-4076 | Context isolation bypass via leaked cross-context objects in Electron | | |
CVE-2020-4077 | Context isolation bypass via contextBridge in Electron | | |
CVE-2020-4079 | Information disclosure vulnerability in iTop | | |
CVE-2020-4080 | HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to imp... | S | |
CVE-2020-4081 | In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).... | | |
CVE-2020-4082 | The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper valida... | E S | |
CVE-2020-4083 | HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensit... | E S | |
CVE-2020-4084 | HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allo... | S | |
CVE-2020-4085 | HCL Connections is vulnerable to possible information leakage and could disclose sensitive informat... | | |
CVE-2020-4089 | HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto'... | | |
CVE-2020-4092 | If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will... | | |
CVE-2020-4095 | BigFix Platform is storing clear text credentials within the system's memory. An attacker who is ab... | | |
CVE-2020-4097 | In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to re... | | |
CVE-2020-4099 | HCL Verse for Android is susceptible to an APK signing key check vulnerability | | |
CVE-2020-4100 | HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer t... | | |
CVE-2020-4101 | HCL Digital Experience is susceptible to Server Side Request Forgery.... | | |
CVE-2020-4102 | HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of use... | | |
CVE-2020-4104 | HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module... | | |
CVE-2020-4107 | HCL Domino is affected by an Insufficient Access Control vulnerability | M | |
CVE-2020-4125 | Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files ... | S | |
CVE-2020-4126 | HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenti... | | |
CVE-2020-4127 | HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could ... | | |
CVE-2020-4128 | HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unaut... | S | |
CVE-2020-4129 | HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthent... | | |
CVE-2020-4135 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 co... | | |
CVE-2020-4138 | IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another... | | |
CVE-2020-4140 | IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability al... | S | |
CVE-2020-4146 | IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive informatio... | | |
CVE-2020-4150 | IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptograph... | | |
CVE-2020-4151 | IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attacker to perform unauthorized ac... | S | |
CVE-2020-4152 | IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in clearte... | S | |
CVE-2020-4153 | IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerabilit... | S | |
CVE-2020-4157 | IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or c... | S | |
CVE-2020-4159 | IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users wh... | S | |
CVE-2020-4160 | IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive inform... | S | |
CVE-2020-4161 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated ... | | |
CVE-2020-4162 | IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerab... | S | |
CVE-2020-4163 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow a... | S | |
CVE-2020-4164 | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sens... | S | |
CVE-2020-4165 | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of ... | | |
CVE-2020-4166 | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information w... | S | |
CVE-2020-4167 | IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perf... | S | |
CVE-2020-4169 | IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could a... | S | |
CVE-2020-4170 | IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow a... | | |
CVE-2020-4171 | IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by anot... | S | |
CVE-2020-4172 | IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead t... | S | |
CVE-2020-4173 | IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization toke... | | |
CVE-2020-4174 | IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could a... | S | |
CVE-2020-4175 | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, ... | S | |
CVE-2020-4177 | IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key,... | S | |
CVE-2020-4180 | IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands... | S | |
CVE-2020-4182 | IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to... | S | |
CVE-2020-4183 | IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to... | | |
CVE-2020-4184 | IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimu... | | |
CVE-2020-4185 | IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that c... | S | |
CVE-2020-4186 | IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page th... | S | |
CVE-2020-4187 | IBM Security Guardium 11.1 could disclose sensitive information on the login page that could aid in ... | S | |
CVE-2020-4188 | IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security co... | | |
CVE-2020-4189 | IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be use... | S | |
CVE-2020-4190 | IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cr... | S | |
CVE-2020-4191 | IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an at... | | |
CVE-2020-4193 | IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote atta... | | |
CVE-2020-4195 | IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking... | S | |
CVE-2020-4196 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allow... | S | |
CVE-2020-4197 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by anot... | S | |
CVE-2020-4198 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allow... | S | |
CVE-2020-4199 | IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an at... | S | |
CVE-2020-4200 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow a... | | |
CVE-2020-4202 | IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate anot... | | |
CVE-2020-4203 | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive info... | | |
CVE-2020-4204 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is... | | |
CVE-2020-4205 | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass secu... | | |
CVE-2020-4206 | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary c... | S | |
CVE-2020-4207 | IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer over... | | |
CVE-2020-4208 | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password ... | S | |
CVE-2020-4209 | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directorie... | S | |
CVE-2020-4210 | IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code ... | S | |
CVE-2020-4211 | IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code ... | S | |
CVE-2020-4212 | IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code ... | S | |
CVE-2020-4213 | IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code ... | S | |
CVE-2020-4214 | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrarily delete a ... | S | |
CVE-2020-4216 | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password ... | S | |
CVE-2020-4217 | The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security... | S | |
CVE-2020-4222 | IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code ... | S | |
CVE-2020-4223 | IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnera... | | |
CVE-2020-4224 | IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to d... | S | |
CVE-2020-4226 | IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. T... | S | |
CVE-2020-4229 | IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs... | S | |
CVE-2020-4230 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an ... | | |
CVE-2020-4231 | IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform... | S | |
CVE-2020-4232 | IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernam... | S | |
CVE-2020-4233 | IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sens... | S | |
CVE-2020-4235 | IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulne... | S | |
CVE-2020-4236 | IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an authenticated user to cause a deni... | S | |
CVE-2020-4237 | IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which... | S | |
CVE-2020-4238 | IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which... | S | |
CVE-2020-4239 | IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remote attacker to obtain sensitive... | S | |
CVE-2020-4240 | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directorie... | S | |
CVE-2020-4241 | IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenti... | S | |
CVE-2020-4242 | IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenti... | S | |
CVE-2020-4243 | IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attac... | S | |
CVE-2020-4244 | IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain s... | S | |
CVE-2020-4245 | IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have stro... | S | |
CVE-2020-4246 | IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Inje... | S | |
CVE-2020-4248 | IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sens... | | |
CVE-2020-4249 | IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information ... | S | |
CVE-2020-4251 | IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability al... | S | |
CVE-2020-4252 | IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. ... | S | |
CVE-2020-4253 | IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authentica... | S | |
CVE-2020-4254 | IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic alg... | | |
CVE-2020-4257 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on ... | | |
CVE-2020-4258 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on ... | | |
CVE-2020-4259 | IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user to manipulate... | | |
CVE-2020-4260 | IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive inf... | | |
CVE-2020-4261 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on ... | | |
CVE-2020-4262 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on ... | | |
CVE-2020-4263 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on ... | | |
CVE-2020-4264 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on ... | | |
CVE-2020-4265 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on ... | | |
CVE-2020-4266 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on ... | | |
CVE-2020-4267 | IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user to cause a denial of... | | |
CVE-2020-4268 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. This vulnerability allows u... | | |
CVE-2020-4269 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptograph... | E | |
CVE-2020-4270 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak ... | E | |
CVE-2020-4271 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted comm... | E | |
CVE-2020-4272 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote... | E | |
CVE-2020-4273 | IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of ... | S | |
CVE-2020-4274 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unaut... | E | |
CVE-2020-4276 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege esc... | S | |
CVE-2020-4277 | IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages t... | | |
CVE-2020-4278 | IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 coul... | S | |
CVE-2020-4280 | IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the syste... | E S | |
CVE-2020-4281 | IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scrip... | | |
CVE-2020-4282 | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an au... | S | |
CVE-2020-4283 | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded cred... | | |
CVE-2020-4284 | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose se... | S | |
CVE-2020-4285 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on... | | |
CVE-2020-4286 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery w... | S | |
CVE-2020-4287 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on... | | |
CVE-2020-4288 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on... | | |
CVE-2020-4289 | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a rem... | S | |
CVE-2020-4290 | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any a... | S | |
CVE-2020-4291 | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose se... | S | |
CVE-2020-4292 | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 uses a cross-domain poli... | | |
CVE-2020-4294 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allo... | E | |
CVE-2020-4295 | IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scrip... | | |
CVE-2020-4297 | IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scrip... | | |
CVE-2020-4298 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This v... | S | |
CVE-2020-4299 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive informat... | | |
CVE-2020-4300 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack wh... | S | |
CVE-2020-4301 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which co... | S | |
CVE-2020-4302 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the sy... | S | |
CVE-2020-4303 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scr... | S | |
CVE-2020-4304 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scr... | S | |
CVE-2020-4305 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbi... | | |
CVE-2020-4306 | IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnera... | S | |
CVE-2020-4307 | IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr da... | S | |
CVE-2020-4309 | IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which co... | S | |
CVE-2020-4310 | IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of ser... | | |
CVE-2020-4311 | IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By... | S | |
CVE-2020-4312 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could allow an authenticated use... | S | |
CVE-2020-4315 | IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authoriza... | S | |
CVE-2020-4316 | IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tok... | S | |
CVE-2020-4317 | IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and... | S | |
CVE-2020-4318 | IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and... | S | |
CVE-2020-4319 | IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under spec... | S | |
CVE-2020-4320 | IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block o... | | |
CVE-2020-4322 | IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the v... | S | |
CVE-2020-4323 | IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows use... | S | |
CVE-2020-4324 | IBM Security Secret Server prior to 10.9 could allow a remote attacker to bypass security restrictio... | | |
CVE-2020-4325 | The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams ... | | |
CVE-2020-4327 | IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a... | S | |
CVE-2020-4328 | IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send... | | |
CVE-2020-4329 | IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allo... | | |
CVE-2020-4336 | IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to i... | S | |
CVE-2020-4337 | IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by... | | |
CVE-2020-4338 | IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive ... | | |
CVE-2020-4340 | IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to impro... | | |
CVE-2020-4341 | IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a... | S | |
CVE-2020-4342 | IBM Security Secret Server 10.7 could disclose sensitive information included in installation files ... | S | |
CVE-2020-4343 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on... | | |
CVE-2020-4344 | IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally whi... | S | |
CVE-2020-4345 | IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances m... | | |
CVE-2020-4346 | IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can b... | S | |
CVE-2020-4347 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privileg... | | |
CVE-2020-4348 | IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated... | S | |
CVE-2020-4349 | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that c... | S | |
CVE-2020-4350 | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that c... | S | |
CVE-2020-4352 | IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in... | | |
CVE-2020-4353 | IBM MaaS360 6.82 could allow a user with physical access to the device to crash the application which... | S | |
CVE-2020-4354 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows ... | S | |
CVE-2020-4355 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is... | S | |
CVE-2020-4357 | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive informa... | S | |
CVE-2020-4358 | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability... | S | |
CVE-2020-4360 | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows us... | S | |
CVE-2020-4361 | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosi... | S | |
CVE-2020-4362 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege esc... | S | |
CVE-2020-4363 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is... | S | |
CVE-2020-4364 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users t... | S | |
CVE-2020-4365 | IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a spec... | | |
CVE-2020-4366 | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows us... | S | |
CVE-2020-4367 | IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow... | S | |
CVE-2020-4369 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could... | S | |
CVE-2020-4371 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that ... | S | |
CVE-2020-4372 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in clear text which can be... | S | |
CVE-2020-4375 | IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to... | S | |
CVE-2020-4376 | IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a ... | S | |
CVE-2020-4377 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack whe... | | |
CVE-2020-4378 | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform un... | S | |
CVE-2020-4379 | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that c... | S | |
CVE-2020-4380 | IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. This vulnerability allows user... | | |
CVE-2020-4381 | IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 could allow an authenticated u... | S | |
CVE-2020-4382 | IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated u... | | |
CVE-2020-4383 | IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated u... | | |
CVE-2020-4384 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This v... | | |
CVE-2020-4385 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryp... | S | |
CVE-2020-4386 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 co... | S | |
CVE-2020-4387 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 co... | S | |
CVE-2020-4388 | IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to c... | S | |
CVE-2020-4395 | IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could all... | S | |
CVE-2020-4396 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulner... | S | |
CVE-2020-4397 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could b... | S | |
CVE-2020-4399 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed request... | S | |
CVE-2020-4400 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow... | S | |
CVE-2020-4405 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an auth... | S | |
CVE-2020-4406 | IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX... | | |
CVE-2020-4408 | The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mas... | S | |
CVE-2020-4409 | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attack... | S | |
CVE-2020-4410 | IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a special... | S | |
CVE-2020-4411 | The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is aff... | | |
CVE-2020-4412 | The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is aff... | | |
CVE-2020-4413 | IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, cause... | S | |
CVE-2020-4414 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 co... | S | |
CVE-2020-4415 | IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by im... | S | |
CVE-2020-4419 | IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulne... | S | |
CVE-2020-4420 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 co... | S | |
CVE-2020-4421 | IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using ... | | |
CVE-2020-4422 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on... | | |
CVE-2020-4427 | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to ... | KEV S | |
CVE-2020-4428 | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to ... | KEV S | |
CVE-2020-4429 | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for a... | S | |
CVE-2020-4430 | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to ... | KEV S | |
CVE-2020-4431 | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows us... | S | |
CVE-2020-4432 | Certain IBM Aspera applications are vulnerable to command injection after valid authentication, whic... | | |
CVE-2020-4433 | Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper ... | | |
CVE-2020-4434 | Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration... | | |
CVE-2020-4435 | Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product c... | | |
CVE-2020-4436 | Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which ... | | |
CVE-2020-4445 | IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability a... | | |
CVE-2020-4446 | IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 co... | | |
CVE-2020-4447 | IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerabilit... | S | |
CVE-2020-4448 | IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote atta... | S | |
CVE-2020-4449 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to... | S | |
CVE-2020-4450 | IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute ar... | S | |
CVE-2020-4452 | IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms t... | | |
CVE-2020-4459 | IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic... | S | |
CVE-2020-4461 | IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security b... | | |
CVE-2020-4462 | IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure... | | |
CVE-2020-4463 | IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (X... | S | |
CVE-2020-4464 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to... | S | |
CVE-2020-4465 | IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buf... | S | |
CVE-2020-4466 | IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker to cause a den... | S | |
CVE-2020-4467 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on... | | |
CVE-2020-4468 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on... | | |
CVE-2020-4469 | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary c... | S | |
CVE-2020-4470 | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated ... | S | |
CVE-2020-4471 | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a d... | S | |
CVE-2020-4475 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 cou... | S | |
CVE-2020-4476 | IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote a... | S | |
CVE-2020-4477 | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text... | S | |
CVE-2020-4481 | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External E... | | |
CVE-2020-4482 | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user ... | S | |
CVE-2020-4483 | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to o... | S | |
CVE-2020-4484 | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive informati... | S | |
CVE-2020-4485 | IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to disable the Wincollect service w... | | |
CVE-2020-4486 | IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to overwrite or delete arbitrary fi... | | |
CVE-2020-4487 | IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a de... | | |
CVE-2020-4490 | IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could... | | |
CVE-2020-4491 | IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attack... | S | |
CVE-2020-4492 | IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local atta... | | |
CVE-2020-4493 | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and iss... | S | |
CVE-2020-4494 | IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX... | | |
CVE-2020-4495 | IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security re... | S | |
CVE-2020-4496 | The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect... | S | |
CVE-2020-4497 | IBM Spectrum Protect Plus information disclosure | S | |
CVE-2020-4498 | IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitive in... | S | |
CVE-2020-4499 | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized ... | S | |
CVE-2020-4503 | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows us... | S | |
CVE-2020-4509 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when proc... | | |
CVE-2020-4510 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when proc... | S | |
CVE-2020-4511 | IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qf... | S | |
CVE-2020-4512 | IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands.... | S | |
CVE-2020-4513 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users t... | S | |
CVE-2020-4516 | IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are ... | S | |
CVE-2020-4520 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that ... | S | |
CVE-2020-4521 | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute a... | S | |
CVE-2020-4522 | IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability a... | | |
CVE-2020-4524 | IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users ... | S | |
CVE-2020-4525 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulner... | S | |
CVE-2020-4526 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could ... | S | |
CVE-2020-4527 | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by ... | S | |
CVE-2020-4528 | IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a l... | S | |
CVE-2020-4529 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). Thi... | S | |
CVE-2020-4530 | IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulner... | S | |
CVE-2020-4531 | IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and... | | |
CVE-2020-4532 | IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Expr... | | |
CVE-2020-4533 | IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulne... | S | |
CVE-2020-4534 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker t... | | |
CVE-2020-4535 | IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows user... | S | |
CVE-2020-4536 | IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a ... | S | |
CVE-2020-4539 | IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripti... | S | |
CVE-2020-4541 | IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. This vulnerability a... | S | |
CVE-2020-4542 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulner... | S | |
CVE-2020-4544 | IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a de... | | |
CVE-2020-4545 | IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caus... | | |
CVE-2020-4546 | IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability a... | | |
CVE-2020-4547 | IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the vict... | S | |
CVE-2020-4548 | IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious admini... | | |
CVE-2020-4549 | IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, ... | | |
CVE-2020-4550 | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on th... | | |
CVE-2020-4551 | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on th... | | |
CVE-2020-4552 | IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, ... | | |
CVE-2020-4553 | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on th... | | |
CVE-2020-4554 | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on th... | | |
CVE-2020-4555 | IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which cou... | S | |
CVE-2020-4556 | IBM Financial Transaction Manager information disclosure | | |
CVE-2020-4557 | IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 a... | | |
CVE-2020-4559 | IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due to imprope... | S | |
CVE-2020-4560 | IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability al... | | |
CVE-2020-4561 | IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthentica... | S | |
CVE-2020-4562 | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing... | | |
CVE-2020-4564 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2... | S | |
CVE-2020-4565 | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive informat... | | |
CVE-2020-4566 | IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 sto... | S | |
CVE-2020-4567 | IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could... | S | |
CVE-2020-4568 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain clear text ... | S | |
CVE-2020-4569 | IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mechanism that relies on the existe... | S | |
CVE-2020-4572 | IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive inf... | S | |
CVE-2020-4573 | IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to respondin... | S | |
CVE-2020-4574 | IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default... | S | |
CVE-2020-4575 | IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 ar... | S | |
CVE-2020-4576 | IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to... | | |
CVE-2020-4578 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This ... | S | |
CVE-2020-4579 | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial... | | |
CVE-2020-4580 | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial... | S | |
CVE-2020-4581 | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial... | | |
CVE-2020-4584 | IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed te... | S | |
CVE-2020-4587 | IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based b... | | |
CVE-2020-4588 | IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when execute... | S | |
CVE-2020-4589 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arb... | | |
CVE-2020-4590 | IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnec... | S | |
CVE-2020-4591 | IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in non... | S | |
CVE-2020-4592 | IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to... | S | |
CVE-2020-4593 | IBM Security Guardium Insights 2.0.1 stores user credentials in plain clear text which can be rea... | | |
CVE-2020-4594 | IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could a... | S | |
CVE-2020-4595 | IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could a... | S | |
CVE-2020-4596 | IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could a... | S | |
CVE-2020-4597 | IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or se... | S | |
CVE-2020-4598 | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, usin... | | |
CVE-2020-4599 | IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information w... | S | |
CVE-2020-4600 | IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information w... | S | |
CVE-2020-4602 | IBM Security Guardium Insights 2.0.2 stores user credentials in plain clear text which can be rea... | S | |
CVE-2020-4603 | IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than ... | S | |
CVE-2020-4604 | IBM Security Guardium Insights 2.0.2 stores user credentials in plain clear text which can be rea... | S | |
CVE-2020-4606 | IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) a... | S | |
CVE-2020-4607 | IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local use... | S | |
CVE-2020-4609 | IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) is vulnerable to a buffer ... | S | |
CVE-2020-4610 | IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2 ) could allow a local user ... | S | |
CVE-2020-4611 | IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute ... | S | |
CVE-2020-4612 | IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information... | S | |
CVE-2020-4613 | IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could all... | S | |
CVE-2020-4614 | IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could all... | S | |
CVE-2020-4615 | IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows ... | S | |
CVE-2020-4616 | IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker usin... | S | |
CVE-2020-4617 | IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an ... | S | |
CVE-2020-4618 | IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to... | S | |
CVE-2020-4619 | IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain clear text which can be read ... | S | |
CVE-2020-4620 | IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary f... | S | |
CVE-2020-4621 | IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to... | S | |
CVE-2020-4622 | IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptograp... | S | |
CVE-2020-4623 | IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the syst... | S | |
CVE-2020-4624 | IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during ... | S | |
CVE-2020-4625 | IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive informati... | S | |
CVE-2020-4626 | IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal netw... | S | |
CVE-2020-4627 | IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CSV Injection. A remote attacker ... | S | |
CVE-2020-4628 | IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensit... | S | |
CVE-2020-4629 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized ac... | | |
CVE-2020-4631 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windo... | S | |
CVE-2020-4632 | IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending ... | | |
CVE-2020-4633 | IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caus... | M | |
CVE-2020-4635 | IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumera... | S | |
CVE-2020-4636 | IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3... | | |
CVE-2020-4638 | IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. ... | | |
CVE-2020-4640 | Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations ... | | |
CVE-2020-4642 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 co... | | |
CVE-2020-4643 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Inje... | S | |
CVE-2020-4644 | IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the click... | S | |
CVE-2020-4645 | IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulne... | S | |
CVE-2020-4646 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, 6.0.0.0 through 6.0.3.3, and 6... | S | |
CVE-2020-4647 | IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL i... | S | |
CVE-2020-4648 | A vulnerability exists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspac... | S | |
CVE-2020-4649 | IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to no... | S | |
CVE-2020-4650 | IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be st... | S | |
CVE-2020-4651 | IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-si... | S | |
CVE-2020-4653 | IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open ... | S | |
CVE-2020-4654 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensit... | S | |
CVE-2020-4655 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is ... | S | |
CVE-2020-4657 | IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scr... | | |
CVE-2020-4658 | IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulner... | | |
CVE-2020-4660 | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to o... | | |
CVE-2020-4661 | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to o... | | |
CVE-2020-4662 | IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to impro... | S | |
CVE-2020-4663 | IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. Th... | S | |
CVE-2020-4664 | IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. Th... | S | |
CVE-2020-4665 | IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secur... | S | |
CVE-2020-4666 | IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. Th... | S | |
CVE-2020-4667 | IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obta... | S | |
CVE-2020-4668 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6... | S | |
CVE-2020-4669 | IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database... | S | |
CVE-2020-4670 | IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data str... | S | |
CVE-2020-4671 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 sto... | S | |
CVE-2020-4672 | IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability ... | S | |
CVE-2020-4673 | IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further ... | | |
CVE-2020-4674 | IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against... | | |
CVE-2020-4675 | IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which ... | | |
CVE-2020-4678 | IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that t... | S | |
CVE-2020-4679 | IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to... | S | |
CVE-2020-4680 | IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to... | S | |
CVE-2020-4681 | IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to... | S | |
CVE-2020-4682 | IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary co... | S | |
CVE-2020-4685 | A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Adminis... | S | |
CVE-2020-4686 | IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their pri... | S | |
CVE-2020-4687 | IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of an... | | |
CVE-2020-4688 | IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on th... | | |
CVE-2020-4689 | IBM Security Guardium 11.2 is vulnerable to CSV Injection. A remote privileged attacker could execut... | S | |
CVE-2020-4690 | IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key,... | S | |
CVE-2020-4691 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users... | | |
CVE-2020-4692 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 cou... | | |
CVE-2020-4693 | IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allo... | | |
CVE-2020-4695 | IBM API Connect V10 is impacted by insecure communications during database replication. As the data ... | S | |
CVE-2020-4696 | IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow ... | S | |
CVE-2020-4697 | IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users... | | |
CVE-2020-4698 | IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are ... | S | |
CVE-2020-4699 | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to o... | | |
CVE-2020-4700 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 cou... | S | |
CVE-2020-4701 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable... | S | |
CVE-2020-4702 | IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerabil... | | |
CVE-2020-4703 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated ... | S | |
CVE-2020-4704 | IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. This vulnerability allows ... | | |
CVE-2020-4705 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is ... | S | |
CVE-2020-4706 | IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper ... | | |
CVE-2020-4707 | IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability a... | | |
CVE-2020-4708 | IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some information due to using a wildcard... | S | |
CVE-2020-4711 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directorie... | S | |
CVE-2020-4717 | A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create sym... | | |
CVE-2020-4718 | IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripti... | S | |
CVE-2020-4719 | The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Clo... | S | |
CVE-2020-4721 | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on th... | S | |
CVE-2020-4722 | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on th... | S | |
CVE-2020-4723 | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on th... | S | |
CVE-2020-4724 | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on th... | S | |
CVE-2020-4725 | IBM Monitoring (IBM Cloud APM 8.1.4) could allow an authenticated user to modify HTML content by se... | S | |
CVE-2020-4726 | The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored lo... | S | |
CVE-2020-4727 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action o... | | |
CVE-2020-4729 | IBM Safer Payments denial of service | | |
CVE-2020-4731 | IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allo... | S | |
CVE-2020-4732 | IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensiti... | S | |
CVE-2020-4733 | IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users... | | |
CVE-2020-4739 | IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB... | S | |
CVE-2020-4740 | IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker c... | S | |
CVE-2020-4741 | IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. This v... | S | |
CVE-2020-4747 | IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtai... | | |
CVE-2020-4748 | IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability a... | S | |
CVE-2020-4749 | IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens o... | S | |
CVE-2020-4755 | IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability a... | S | |
CVE-2020-4756 | IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic S... | S | |
CVE-2020-4757 | IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scri... | E S | |
CVE-2020-4759 | IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CSV Injection. A remote att... | S | |
CVE-2020-4760 | IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users t... | | |
CVE-2020-4761 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and... | | |
CVE-2020-4762 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and... | | |
CVE-2020-4763 | IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secur... | | |
CVE-2020-4764 | IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker... | S | |
CVE-2020-4765 | IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can... | S | |
CVE-2020-4766 | IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by send... | S | |
CVE-2020-4767 | IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attack... | | |
CVE-2020-4768 | IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerabl... | | |
CVE-2020-4771 | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could a... | S | |
CVE-2020-4772 | An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management ... | | |
CVE-2020-4773 | A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0... | | |
CVE-2020-4774 | An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by th... | | |
CVE-2020-4775 | A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and ... | | |
CVE-2020-4776 | A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, whic... | | |
CVE-2020-4778 | IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a singl... | | |
CVE-2020-4779 | An HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10.... | | |
CVE-2020-4780 | OOTB build scripts do not set the secure attribute on session cookie which may impact IBM Curam So... | | |
CVE-2020-4781 | An improper input validation before calling java readLine() method may impact IBM Curam Social Progr... | | |
CVE-2020-4782 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse di... | S | |
CVE-2020-4783 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive in... | S | |
CVE-2020-4785 | IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a r... | S | |
CVE-2020-4786 | IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vul... | S | |
CVE-2020-4787 | IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vul... | S | |
CVE-2020-4788 | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive info... | S | |
CVE-2020-4789 | IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could ... | S | |
CVE-2020-4790 | IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of serv... | S | |
CVE-2020-4791 | IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive ... | S | |
CVE-2020-4792 | IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitra... | S | |
CVE-2020-4794 | IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19... | S | |
CVE-2020-4795 | IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an u... | S | |
CVE-2020-4799 | IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to ... | S | |
CVE-2020-4803 | IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. ... | S | |
CVE-2020-4805 | IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. ... | S | |
CVE-2020-4809 | IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. ... | S | |
CVE-2020-4811 | IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a priv... | | |
CVE-2020-4815 | IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information ... | S | |
CVE-2020-4816 | IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive informat... | S | |
CVE-2020-4820 | IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability ... | S | |
CVE-2020-4821 | IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under c... | S | |
CVE-2020-4825 | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-... | | |
CVE-2020-4826 | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-... | | |
CVE-2020-4827 | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-... | | |
CVE-2020-4828 | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web ca... | | |
CVE-2020-4829 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user c... | S | |
CVE-2020-4831 | IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms t... | S | |
CVE-2020-4832 | IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary director... | S | |
CVE-2020-4838 | IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerab... | | |
CVE-2020-4839 | IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by imp... | | |
CVE-2020-4840 | IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an ... | S | |
CVE-2020-4841 | IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, cause... | S | |
CVE-2020-4842 | IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a... | S | |
CVE-2020-4843 | IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could ... | S | |
CVE-2020-4845 | IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. This vulnera... | S | |
CVE-2020-4846 | IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive i... | S | |
CVE-2020-4848 | IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initia... | | |
CVE-2020-4849 | IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to by... | | |
CVE-2020-4850 | IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote attacker t... | | |
CVE-2020-4851 | IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poiso... | S | |
CVE-2020-4854 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 contains hard-coded credentials, such as a password ... | E S | |
CVE-2020-4855 | IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users ... | S | |
CVE-2020-4856 | IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows us... | S | |
CVE-2020-4857 | IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows us... | S | |
CVE-2020-4863 | IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows us... | S | |
CVE-2020-4864 | IBM Resilient SOAR V38.0 could allow an attacker on the internal network to provide the server with... | S | |
CVE-2020-4865 | IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users ... | S | |
CVE-2020-4866 | IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to ... | S | |
CVE-2020-4868 | IBM TRIRIGA information disclosure | | |
CVE-2020-4869 | IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflo... | S | |
CVE-2020-4870 | IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing con... | S | |
CVE-2020-4871 | IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user o... | S | |
CVE-2020-4873 | IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly ... | S | |
CVE-2020-4874 | IBM Cognos Controller information disclosure | | |
CVE-2020-4875 | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (... | | |
CVE-2020-4876 | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (... | | |
CVE-2020-4877 | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications b... | | |
CVE-2020-4879 | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security re... | | |
CVE-2020-4881 | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by ... | S | |
CVE-2020-4882 | IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by con... | | |
CVE-2020-4883 | IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about other domains which could be ... | S | |
CVE-2020-4884 | IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear t... | | |
CVE-2020-4885 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to a... | S | |
CVE-2020-4886 | IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that co... | S | |
CVE-2020-4887 | IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore... | | |
CVE-2020-4888 | IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to e... | S | |
CVE-2020-4889 | IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files whic... | S | |
CVE-2020-4890 | IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a v... | S | |
CVE-2020-4891 | IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockou... | S | |
CVE-2020-4892 | IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability al... | S | |
CVE-2020-4893 | IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information ... | S | |
CVE-2020-4895 | IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-si... | S | |
CVE-2020-4896 | IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by imp... | S | |
CVE-2020-4897 | IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could al... | S | |
CVE-2020-4898 | IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms t... | S | |
CVE-2020-4899 | IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for d... | | |
CVE-2020-4900 | IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that... | S | |
CVE-2020-4901 | IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network ... | S | |
CVE-2020-4902 | IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulnerable to SQL injection. A remot... | S | |
CVE-2020-4903 | IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation ... | S | |
CVE-2020-4904 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross... | S | |
CVE-2020-4905 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote ... | S | |
CVE-2020-4906 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be... | S | |
CVE-2020-4907 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote a... | S | |
CVE-2020-4908 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product ve... | S | |
CVE-2020-4909 | IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to e... | S | |
CVE-2020-4910 | IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to e... | S | |
CVE-2020-4912 | IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the us... | S | |
CVE-2020-4913 | IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privile... | S | |
CVE-2020-4914 | IBM Cloud Pak System Software Suite session fixation | S | |
CVE-2020-4916 | IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to e... | S | |
CVE-2020-4917 | IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker t... | S | |
CVE-2020-4918 | IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due t... | S | |
CVE-2020-4919 | IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privile... | S | |
CVE-2020-4920 | IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allo... | S | |
CVE-2020-4921 | IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A remote attacker could send spe... | | |
CVE-2020-4925 | A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mm... | S | |
CVE-2020-4926 | A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could al... | S | |
CVE-2020-4927 | IBM Spectrum Scale information disclosure | S | |
CVE-2020-4928 | IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By inter... | S | |
CVE-2020-4929 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users t... | | |
CVE-2020-4931 | IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denia... | S | |
CVE-2020-4932 | IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key... | | |
CVE-2020-4933 | IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. Thi... | S | |
CVE-2020-4934 | IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An... | | |
CVE-2020-4935 | IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7) is vulnerable to cross-site scripting. Th... | S | |
CVE-2020-4937 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected crypt... | S | |
CVE-2020-4938 | IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attack... | | |
CVE-2020-4941 | IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could... | S | |
CVE-2020-4942 | IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery whi... | | |
CVE-2020-4944 | IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.... | | |
CVE-2020-4945 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated ... | S | |
CVE-2020-4949 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Inje... | S | |
CVE-2020-4951 | IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a loca... | S | |
CVE-2020-4952 | IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper acc... | S | |
CVE-2020-4953 | IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about a... | S | |
CVE-2020-4954 | IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentic... | S | |
CVE-2020-4955 | IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to execute arbitrary... | S | |
CVE-2020-4956 | IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a... | S | |
CVE-2020-4957 | IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL ... | S | |
CVE-2020-4958 | IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for func... | | |
CVE-2020-4964 | IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated... | S | |
CVE-2020-4965 | IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an ... | S | |
CVE-2020-4966 | IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authori... | S | |
CVE-2020-4967 | IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers ... | S | |
CVE-2020-4968 | IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algo... | S | |
CVE-2020-4969 | IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sens... | S | |
CVE-2020-4970 | IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attac... | | |
CVE-2020-4974 | IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an... | | |
CVE-2020-4975 | IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to ... | S | |
CVE-2020-4976 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 co... | | |
CVE-2020-4977 | IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. Th... | S | |
CVE-2020-4979 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment communication. An attacker th... | | |
CVE-2020-4980 | IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts wh... | S | |
CVE-2020-4981 | IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files du... | S | |
CVE-2020-4983 | IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who ha... | S | |
CVE-2020-4985 | IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to acce... | | |
CVE-2020-4987 | The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code ver... | | |
CVE-2020-4988 | Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javasc... | | |
CVE-2020-4989 | IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.... | S | |
CVE-2020-4990 | IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially cr... | S | |
CVE-2020-4992 | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery whi... | S | |
CVE-2020-4993 | IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in... | | |
CVE-2020-4994 | IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a rem... | | |
CVE-2020-4995 | IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout whi... | S | |
CVE-2020-4996 | IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive... | S | |
CVE-2020-4997 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability all... | S |