Tag

#ibm

CVE-2019-4505: Security Bulletin: Information disclosure in WebSphere Application Server ND (CVE-2019-4505)

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.

CVE-2019-4565: Security Bulletin: IBM Security Key Lifecycle Manager uses Weak password policy (CVE-2019-4565)

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.

CVE-2019-4342: IBM Cognos Analytics cross-site scripting CVE-2019-4342 Vulnerability Report

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421.

CVE-2019-4183: IBM Cognos Analytics denial of service CVE-2019-4183 Vulnerability Report

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.

CVE-2019-4086: IBM Cloud Application Performance Management clickjacking CVE-2019-4086 Vulnerability Report

IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509.

CVE-2019-4271: IBM WebSphere Application Server HTTP pollution CVE-2019-4271 Vulnerability Report

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.

CVE-2019-4270: IBM WebSphere Application Server cross-site scripting CVE-2019-4270 Vulnerability Report

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203.

CVE-2019-4171: IBM Cognos Controller information disclosure CVE-2019-4171 Vulnerability Report

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.

CVE-2019-4442: IBM WebSphere Application Server information disclosure CVE-2019-4442 Vulnerability Report

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226.

CVE-2019-4477: IBM WebSphere Application Server information disclosure CVE-2019-4477 Vulnerability Report

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997.