CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4365
https://notcve.org/view.php?id=CVE-2020-4365
IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. IBM WebSphere Application Server versión 8.5, es vulnerable a un ataque de tipo server-side request forgery. Al enviar una petición especialmente diseñada, un atacante autenticado remoto podría explotar esta vulnerabilidad para obtener datos confidenciales. • https://exchange.xforce.ibmcloud.com/vulnerabilities/178964 https://www.ibm.com/support/pages/node/6209099 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4299
https://notcve.org/view.php?id=CVE-2020-4299
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.1, podría exponer información confidencial a un usuario por medio de una petición HTTP especialmente diseñada. IBM X-Force ID: 176606. • https://exchange.xforce.ibmcloud.com/vulnerabilities/176606 https://www.ibm.com/support/pages/node/6208041 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4259
https://notcve.org/view.php?id=CVE-2020-4259
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.3.1, podría permitir que un usuario autentificado pudiera manipular la información de una cookie y eliminar o añadir módulos desde la cookie para acceder a funcionalidades no autorizadas. IBM X-Force ID: 175638. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175638 https://www.ibm.com/support/pages/node/6208038 • CWE-276: Incorrect Default Permissions •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4450
https://notcve.org/view.php?id=CVE-2019-4450
IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492. IBM i versiones 7.2, 7.3 y 7.4 para i es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163492 https://www.ibm.com/support/pages/node/1100085 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4536
https://notcve.org/view.php?id=CVE-2019-4536
IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore privileges could exploit this vulnerability to obtain elevated privileges on the restored system. IBM X-Force ID: 165592. Los usuarios de IBM i versión 7.4 que han realizado un Perfil de Usuario de Restauración (RSTUSRPRF) en un sistema que ha sido configurado con Db2 Mirror para i podría tener perfiles de usuario con privilegios elevados causados ??por un procesamiento incorrecto durante una restauración de múltiples perfiles de usuario. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165592 https://www.ibm.com/support/docview.wss?uid=ibm11071586 • CWE-269: Improper Privilege Management •