Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2019-19698
PUBLISHED: 2019-12-10

marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.

CVE-2019-4428
PUBLISHED: 2019-12-09

IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session….

CVE-2019-4611
PUBLISHED: 2019-12-09

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.

CVE-2019-4612
PUBLISHED: 2019-12-09

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.

CVE-2019-4621
PUBLISHED: 2019-12-09

IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Top
%d bloggers like this: