Tag

#ibm

CVE-2019-4183: IBM Cognos Analytics denial of service CVE-2019-4183 Vulnerability Report

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.

CVE-2019-4086: IBM Cloud Application Performance Management clickjacking CVE-2019-4086 Vulnerability Report

IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509.

CVE-2019-4271: IBM WebSphere Application Server HTTP pollution CVE-2019-4271 Vulnerability Report

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.

CVE-2019-4270: IBM WebSphere Application Server cross-site scripting CVE-2019-4270 Vulnerability Report

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203.

CVE-2019-4171: IBM Cognos Controller information disclosure CVE-2019-4171 Vulnerability Report

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.

CVE-2019-4442: IBM WebSphere Application Server information disclosure CVE-2019-4442 Vulnerability Report

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226.

CVE-2019-4477: IBM WebSphere Application Server information disclosure CVE-2019-4477 Vulnerability Report

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997.

CVE-2019-4147: Security Bulletin: SQL Injection Vulnerability Affects IBM Sterling File Gateway (CVE-2019-4147)

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.

CVE-2019-16091: Comparing f571522...e07edb3 · hoene/libmysofa

Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c.

CVE-2019-4186: IBM Jazz for Service Management is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header (CVE-2019-4186)

IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 158976.