CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 2 and 2.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
5901 CVE-2020-4083 532 +Info 2020-03-05 2020-03-06
2.1
None Local Low Not required Partial None None
HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user.
5902 CVE-2020-4095 522 +Priv 2020-07-16 2021-07-21
2.1
None Local Low Not required Partial None None
"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access."
5903 CVE-2020-4100 913 2020-07-15 2020-07-22
2.1
None Local Low Not required None Partial None
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly."
5904 CVE-2020-4191 327 2020-06-04 2020-06-05
2.1
None Local Low Not required Partial None None
IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852.
5905 CVE-2020-4197 922 2020-03-03 2020-03-03
2.1
None Local Low Not required Partial None None
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174908.
5906 CVE-2020-4224 200 +Info 2020-02-03 2021-07-21
2.1
None Local Low Not required Partial None None
IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133.
5907 CVE-2020-4338 200 +Info 2020-04-16 2020-04-22
2.1
None Local Low Not required Partial None None
IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937.
5908 CVE-2020-4344 922 2020-09-15 2020-09-16
2.1
None Local Low Not required Partial None None
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247.
5909 CVE-2020-4353 20 2020-04-23 2021-07-21
2.1
None Local Low Not required None None Partial
IBM MaaS360 6.82 could allow a user with physical access to the device to crash the application which may enable the user to access restricted applications and device settings. IBM X-Force ID: 178505.
5910 CVE-2020-4369 312 +Info 2020-07-22 2020-07-24
2.1
None Local Low Not required Partial None None
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.
5911 CVE-2020-4371 922 2020-07-22 2020-07-24
2.1
None Local Low Not required Partial None None
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used to aid a local user in further attacks against the system. IBM X-Force ID: 179008.
5912 CVE-2020-4372 522 2020-07-22 2020-07-24
2.1
None Local Low Not required Partial None None
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 179009.
5913 CVE-2020-4382 20 DoS 2020-08-24 2021-07-21
2.1
None Local Low Not required None None Partial
IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. IBM X-Force ID: 179163.
5914 CVE-2020-4408 522 2020-07-27 2020-07-28
2.1
None Local Low Not required Partial None None
The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID: 179536.
5915 CVE-2020-4491 400 DoS 2020-10-20 2021-07-21
2.1
None Local Low Not required None None Partial
IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991.
5916 CVE-2020-4492 88 DoS 2020-08-31 2020-08-31
2.1
None Local Low Not required None None Partial
IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992.
5917 CVE-2020-4498 200 +Info 2020-07-27 2021-07-21
2.1
None Local Low Not required Partial None None
IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitive information due to inclusion of data within trace files. IBM X-Force ID: 182118.
5918 CVE-2020-4568 522 2020-11-10 2020-11-17
2.1
None Local Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 184157.
5919 CVE-2020-4593 522 2020-08-24 2020-08-26
2.1
None Local Low Not required Partial None None
IBM Security Guardium Insights 2.0.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 184747.
5920 CVE-2020-4602 522 2021-01-13 2021-01-15
2.1
None Local Low Not required Partial None None
IBM Security Guardium Insights 2.0.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 184836.
5921 CVE-2020-4604 312 2021-01-13 2021-01-15
2.1
None Local Low Not required Partial None None
IBM Security Guardium Insights 2.0.2 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 184861.
5922 CVE-2020-4629 209 +Info 2020-09-30 2020-10-02
2.1
None Local Low Not required Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.
5923 CVE-2020-4642 DoS 2020-12-23 2021-01-30
2.1
None Local Low Not required None None Partial
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to cause a denial of service inside the "DB2 Management Service".
5924 CVE-2020-4650 200 +Info 2020-11-09 2021-07-21
2.1
None Local Low Not required Partial None None
IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023.
5925 CVE-2020-4651 352 CSRF 2020-11-09 2020-11-12
2.9
None Local Network Medium Not required None Partial None
IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024.
5926 CVE-2020-4660 203 2020-10-12 2020-10-19
2.9
None Local Network Medium Not required Partial None None
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.
5927 CVE-2020-4661 203 2020-10-12 2020-10-19
2.9
None Local Network Medium Not required Partial None None
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.
5928 CVE-2020-4699 203 2020-10-12 2020-10-19
2.9
None Local Network Medium Not required Partial None None
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.
5929 CVE-2020-4717 2021-03-10 2021-03-16
2.1
None Local Low Not required None Partial None
A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write an arbitrary file in another protected path during product installation. IBM X-Force ID: 187727.
5930 CVE-2020-4726 922 2021-03-02 2021-03-08
2.1
None Local Low Not required Partial None None
The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975.
5931 CVE-2020-4765 922 2021-05-19 2021-05-26
2.1
None Local Low Not required Partial None None
IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902.
5932 CVE-2020-4787 918 2021-01-27 2021-02-02
2.1
None Local Low Not required Partial None None
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.
5933 CVE-2020-4803 922 2021-09-23 2021-09-28
2.1
None Local Low Not required Partial None None
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535.
5934 CVE-2020-4805 922 2021-09-23 2021-09-28
2.1
None Local Low Not required Partial None None
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539.
5935 CVE-2020-4809 922 2021-09-23 2021-09-28
2.1
None Local Low Not required Partial None None
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633.
5936 CVE-2020-4832 200 +Info 2021-02-05 2021-07-21
2.1
None Local Low Not required Partial None None
IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969.
5937 CVE-2020-4851 74 2021-03-16 2021-03-22
2.1
None Local Low Not required None Partial None
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450.
5938 CVE-2020-4871 200 +Info 2021-01-19 2021-07-21
2.1
None Local Low Not required Partial None None
IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.
5939 CVE-2020-4884 312 2021-03-30 2021-04-01
2.1
None Local Low Not required Partial None None
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 190908.
5940 CVE-2020-4886 922 +Info 2020-11-13 2020-11-17
2.1
None Local Low Not required Partial None None
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.
5941 CVE-2020-4887 2021-01-20 2021-08-31
2.1
None Local Low Not required None Partial None
IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911.
5942 CVE-2020-4889 2021-01-26 2021-01-29
2.1
None Local Low Not required None Partial None
IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.
5943 CVE-2020-4890 400 DoS 2021-03-16 2021-03-22
2.1
None Local Low Not required None None Partial
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absence of rate limiting. IBM X-Force ID: 190973.
5944 CVE-2020-4891 307 2021-03-16 2021-03-22
2.1
None Local Low Not required Partial None None
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user to brute force REST API account credentials. IBM X-Force ID: 190974.
5945 CVE-2020-4900 532 2020-11-30 2020-12-02
2.1
None Local Low Not required Partial None None
IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991.
5946 CVE-2020-4906 922 2020-12-16 2020-12-17
2.1
None Local Low Not required Partial None None
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.
5947 CVE-2020-4913 522 2021-01-04 2021-07-21
2.1
None Local Low Not required Partial None None
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.
5948 CVE-2020-4918 434 2021-01-04 2021-07-21
2.1
None Local Low Not required Partial None None
IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in self service console for the Platform System Manager. IBM X-Force ID: 191392.
5949 CVE-2020-4944 312 2021-03-30 2021-10-18
2.1
None Local Low Not required Partial None None
IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.
5950 CVE-2020-4951 200 +Info 2021-10-15 2021-11-17
2.1
None Local Low Not required Partial None None
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.