CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-20579
https://notcve.org/view.php?id=CVE-2021-20579
24 Jun 2021 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario que pueda crear una visualización o una función SQL en línea obtener información confidencial cuando la función AUTO_RE... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199283 •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2021-29754
https://notcve.org/view.php?id=CVE-2021-29754
11 Jun 2021 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es suceptible a una vulnerabilidad de escalada de privilegios cuando se usa el SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006 • https://exchange.xforce.ibmcloud.com/vulnerabilities/202006 •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20515
https://notcve.org/view.php?id=CVE-2021-20515
30 Apr 2021 — IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366. IBM Informix Dynamic Server versión 14.10, es vulnerable a un desbordamiento del búfer en la región stack de la memoria, causado por una comprobación de límites inapropiada. Un usuario privilegiado local podría desbordar un búfer y ejec... • https://exchange.xforce.ibmcloud.com/vulnerabilities/198366 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2021-26582
https://notcve.org/view.php?id=CVE-2021-26582
15 Apr 2021 — A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS). Una vulnerabilidad de seguridad en el módulo HPE IceWall SSO Domain Gateway Option (Dgfw) versión 10.0 en RHEL 5/6/7, versión 10.0 en HP-UX 11i versión v3, versión 10.0 en Windows y 11.0 en Windows, podría ser explotado remotamente para permitir ataques de tipo cro... • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04086en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-20480
https://notcve.org/view.php?id=CVE-2021-20480
08 Apr 2021 — IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502. IBM WebSphere Application Server versiones 7.0, 8.0 y 8.5, es vulnerable a un ataque de tipo server-side request forgery (SSRF). Al enviar una petición especialmente diseñada, un atacante autenticado remotamente podría explotar esta vulnerabilidad ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/197502 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-20354
https://notcve.org/view.php?id=CVE-2021-20354
18 Feb 2021 — IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883. IBM WebSphere Application Server versiones 8.0, 8.5 y 9.0, podría permitir a un atacante remoto un salto de directorio. Un atacante podría enviar una petición URL especialmente diseñada que contenga secuencias "dot dot" (/../) para visualizar ar... • https://exchange.xforce.ibmcloud.com/vulnerabilities/194883 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.2EPSS: 0%CPEs: 11EXPL: 0CVE-2020-4949
https://notcve.org/view.php?id=CVE-2020-4949
26 Jan 2021 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a un ataque de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192025 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-4762
https://notcve.org/view.php?id=CVE-2020-4762
05 Jan 2021 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access controls. IBM X-Force ID: 188896. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5_2, versiones 6.0.0.0 hasta 6.0.3.2 y 6.1.0.0, podría permitir a un usuario autenticado crear una cuenta con privilegios debido a controles de acceso inapropiados. IBM X-Force ID: 188896 • https://exchange.xforce.ibmcloud.com/vulnerabilities/188896 •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2020-4761
https://notcve.org/view.php?id=CVE-2020-4761
05 Jan 2021 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 188895. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5_2, versiones 6.0.0.0 hasta 6.0.3.2 y 6.1.0.0, podría permitir a un atacante remoto conseguir informaci... • https://exchange.xforce.ibmcloud.com/vulnerabilities/188895 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.0EPSS: 18%CPEs: 9EXPL: 0CVE-2019-4728
https://notcve.org/view.php?id=CVE-2019-4728
05 Jan 2021 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5_2, versiones 6.0.0.0 hasta 6.0.3.2 y 6.1.0.0, pod... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172452 • CWE-502: Deserialization of Untrusted Data •