| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-4558 |
1 Ibm |
1 Spectrum Scale |
2019-10-11 |
7.2 |
| A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into... |
| CVE-2019-4265 |
1 Ibm |
1 Maximo Anywhere |
2019-10-10 |
2.1 |
| IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198. |
| CVE-2019-6157 |
2 Ibm, Lenovo |
42 Bladecenter Hs22 Firmware, Bladecenter Hs23 Firmware, Bladecenter Hs23e Firmware and 39 more |
2019-10-09 |
5.0 |
| In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support. |
| CVE-2019-6155 |
1 Ibm |
4 Bladecenter Hs23 Firmware, System X3530 M4 Firmware, System X3630 M4 Firmware and 1 more |
2019-10-09 |
7.8 |
| A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service. |
| CVE-2019-4571 |
1 Ibm |
1 Content Navigator |
2019-10-09 |
3.5 |
| IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... |
| CVE-2019-4566 |
1 Ibm |
1 Security Key Lifecycle Manager |
2019-10-09 |
2.1 |
| IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627. |
| CVE-2019-4565 |
1 Ibm |
1 Security Key Lifecycle Manager |
2019-10-09 |
5.0 |
| IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. |
| CVE-2019-4564 |
1 Ibm |
1 Security Key Lifecycle Manager |
2019-10-09 |
4.3 |
| IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2019-4549 |
1 Ibm |
1 Security Directory Server |
2019-10-09 |
5.0 |
| IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951. |
| CVE-2019-4542 |
1 Ibm |
1 Security Directory Server |
2019-10-09 |
4.3 |
| IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure... |
| CVE-2019-4539 |
1 Ibm |
1 Security Directory Server |
2019-10-09 |
5.5 |
| IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812. |
| CVE-2019-4538 |
1 Ibm |
1 Security Directory Server |
2019-10-09 |
5.8 |
| IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to... |
| CVE-2019-4536 |
1 Ibm |
1 I |
2019-10-09 |
3.3 |
| IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user... |
| CVE-2019-4520 |
1 Ibm |
1 Security Directory Server |
2019-10-09 |
5.0 |
| IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178. |
| CVE-2019-4515 |
1 Ibm |
1 Security Key Lifecycle Manager |
2019-10-09 |
4.3 |
| IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137. |
| CVE-2019-4514 |
1 Ibm |
1 Security Key Lifecycle Manager |
2019-10-09 |
5.0 |
| IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136. |
| CVE-2019-4513 |
1 Ibm |
1 Security Access Manager For Enterprise Single Sign-on |
2019-10-09 |
6.4 |
| IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume... |
| CVE-2019-4505 |
1 Ibm |
2 Websphere Application Server, Websphere Virtual Enterprise |
2019-10-09 |
5.0 |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain... |
| CVE-2019-4497 |
1 Ibm |
1 Jazz Reporting Service |
2019-10-09 |
3.5 |
| IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2019-4495 |
1 Ibm |
1 Jazz Reporting Service |
2019-10-09 |
3.5 |
| IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
