Tag

#ibm

CVE-2019-4422: IBM Security Guardium privilege escalation CVE-2019-4422 Vulnerability Report

IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768.

CVE-2019-4549: IBM Security Directory Server information disclosure CVE-2019-4549 Vulnerability Report

IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951.

CVE-2019-4538: Security Bulletin: Multiple security vulnerabilities have been addressed in IBM Security Directory Server

IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660.

CVE-2019-4246: IBM Daeja ViewONE information disclosure CVE-2019-4246 Vulnerability Report

IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal parameters to ViewONE clients that could be used in further attacks against the system. IBM X-Force ID: 159521.

CVE-2019-4494: IBM Jazz Reporting Service cross-site scripting CVE-2019-4494 Vulnerability Report

IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164115.

CVE-2019-4497: Security Bulletin: Multiple security vulnerabilities affect the Report Builder that is shipped with Jazz Reporting Service (CVE-2019-4494, CVE-2019-4495, CVE-2019-4497)

IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164118.

CVE-2019-4106: IBM WebSphere eXtreme Scale cross-site scripting CVE-2019-4106 Vulnerability Report

IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158099.

CVE-2019-4115: Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment could expose sensitive information (CVE-2019-4106, CVE-2019-4109, CVE-2019-4112, CVE-2019-4115)

IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158113.

CVE-2019-4112: IBM WebSphere eXtreme Scale information disclosure CVE-2019-4112 Vulnerability Report

IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105.

CVE-2019-4280: Security Bulletin: Information Disclosure Vulnerabilities Affect IBM Sterling File Gateway (CVE-2019-4423, CVE-2019-4280)

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503.