Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 30 ms.

CVE-2023-23480: Security Bulletin: IBM Partner Engagement Manager is vulnerable to cross-site scripting (CVE-2023-23480)

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885.

CVE
Open in Source
#xss#vulnerability#web#linux#java#ibm
CVE-2020-4729: Security Bulletin: IBM Safer Payments vulnerable to Denial Of Service Attacks (CVE-2020-4729)

IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash. IBM X-Force ID: 188052.

CVE-2023-28522: Security Bulletin: IBM API Connect is impacted by an improper access control vulnerability (CVE-2023-28522)

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585.

CVE-2023-26273: Security Bulletin: IBM QRadar SIEM is vulnerable to Hazardous Input Validation (CVE-2023-26273)

IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134.

CVE-2022-40234: Insecure handling of TLS certificates by IBM Spectrum Protect Plus (CVE-2022-40234)

Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718.

CVE-2022-35721: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2022-35721)

IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380.

CVE-2022-42442: Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform (CVE-2022-42442)

"IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214."

CVE-2022-43574: IBM Robotic Process Automation is vulnerable to incorrect permission assignment

"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679."

CVE-2022-40747: IBM InfoSphere Information Server is vulnerable to an XML External Entity Injection (CVE-2022-40747)

"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584."

CVE-2022-40235: Security Bulletin: IBM InfoSphere Information Server is vulnerable to denial of service attack (CVE-2022-40235)

"IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID: 235725."