Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Storediq
(Ibm)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 8 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-04-30 | CVE-2019-4166 | IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699. | Storediq | 6.1 | ||
2019-07-31 | CVE-2019-4163 | IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow an authenticated user to obtain sensitive information that a privileged user should only be allowed to view. IBM X-Force ID: 158696. | Storediq | 4.3 | ||
2019-08-20 | CVE-2019-4167 | IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700. | Storediq | 6.5 | ||
2019-07-31 | CVE-2019-4165 | IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to cause a denial of service attack using repeated requests to the server. IBM X-Force ID: 158698. | Storediq | 7.5 | ||
2020-02-03 | CVE-2020-4224 | IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133. | Storediq | 5.5 | ||
2018-11-30 | CVE-2018-1928 | IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119. | Storediq | 5.5 | ||
2018-11-30 | CVE-2018-1927 | IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118. | Storediq | 8.8 | ||
2018-05-22 | CVE-2018-1583 | IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data sources. IBM X-Force ID: 143331. | Storediq | 5.4 |