Security Vulnerabilities - CVEs Published In October 2020
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit.
CVSS Score
7.5
EPSS Score
0.012
Published
2020-10-12
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-10-12
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610.
CVSS Score
5.5
EPSS Score
0.014
Published
2020-10-12
IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-10-12
IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423.
CVSS Score
4.9
EPSS Score
0.002
Published
2020-10-12
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186424.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-10-12
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186426.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-10-12
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186427.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-10-12
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156.
CVSS Score
5.9
EPSS Score
0.001
Published
2020-10-12
A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156.
CVSS Score
8.1
EPSS Score
0.001
Published
2020-10-12