Total
41073 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-4542 | 1 Ibm | 1 Security Directory Server | 2024-11-21 | 6.1 Medium |
| IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815. | ||||
| CVE-2019-4497 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 5.4 Medium |
| IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164118. | ||||
| CVE-2019-4495 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 5.4 Medium |
| IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164116. | ||||
| CVE-2019-4494 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 5.4 Medium |
| IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164115. | ||||
| CVE-2019-4486 | 1 Ibm | 9 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 6 more | 2024-11-21 | 5.4 Medium |
| IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070. | ||||
| CVE-2019-4482 | 1 Ibm | 1 Emptoris Spend Analysis | 2024-11-21 | 5.4 Medium |
| IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164066. | ||||
| CVE-2019-4470 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 5.4 Medium |
| IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779. | ||||
| CVE-2019-4468 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 5.4 Medium |
| IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163777. | ||||
| CVE-2019-4467 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 5.4 Medium |
| IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776. | ||||
| CVE-2019-4459 | 1 Ibm | 1 Cloud Orchestrator | 2024-11-21 | 5.4 Medium |
| IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163656. | ||||
| CVE-2019-4454 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 5.4 Medium |
| IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618. | ||||
| CVE-2019-4451 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | 5.4 Medium |
| IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493. | ||||
| CVE-2019-4450 | 1 Ibm | 1 I | 2024-11-21 | 6.1 Medium |
| IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492. | ||||
| CVE-2019-4429 | 1 Ibm | 10 Control Desk, Maximo Anywhere, Maximo For Aviation and 7 more | 2024-11-21 | 5.4 Medium |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886. | ||||
| CVE-2019-4428 | 1 Ibm | 1 Watson Assistant For Ibm Cloud Pak For Data | 2024-11-21 | 5.4 Medium |
| IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162807. | ||||
| CVE-2019-4426 | 1 Ibm | 2 Business Automation Workflow, Case Manager | 2024-11-21 | 5.4 Medium |
| The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162772. | ||||
| CVE-2019-4410 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 5.4 Medium |
| IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657. | ||||
| CVE-2019-4409 | 1 Hcltech | 1 Traveler | 2024-11-21 | 5.4 Medium |
| HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the entered file name. If the file name is not escaped in the returned error page, it could expose a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2019-4403 | 1 Ibm | 1 Connections | 2024-11-21 | 5.4 Medium |
| IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264. | ||||
| CVE-2019-4388 | 1 Hcltech | 1 Appscan Source | 2024-11-21 | 4.8 Medium |
| HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI. | ||||