IBM StoredIQ vulnerabilities

8 known vulnerabilities affecting ibm/storediq.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 6

Vulnerabilities

CVE-2020-4224 | MEDIUM | CVSS 5.5 | ≥ 7.6.0.17, ≤ 7.6.0.20 | v7.6.0.17 +1 more | 2020-02-03
CVE-2020-4224 [MEDIUM] CWE-312: IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133.
Sources: cvelistv5, nvd
CVE-2019-4167 | MEDIUM | CVSS 6.5 | ≥ 7.6.0.0, ≤ 7.6.0.18 | v7.6.0 | 2019-08-20
CVE-2019-4167 [MEDIUM] CWE-352: IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700.
Sources: cvelistv5, nvd
CVE-2019-4165 | HIGH | CVSS 7.5 | ≥ 7.6.0.0, ≤ 7.6.0.18 | v7.6.0.0 +1 more | 2019-07-31
CVE-2019-4165 [HIGH]: IBM StoredIQ 7.6.0.0 through 7.6.0.18 could allow a remote attacker to cause a denial of service attack using repeated requests to the server. IBM X-Force ID: 158698.
Sources: cvelistv5, nvd
CVE-2019-4163 | MEDIUM | CVSS 4.3 | ≥ 7.6.0.0, ≤ 7.6.0.18 | v7.6.0.0 +1 more | 2019-07-31
CVE-2019-4163 [MEDIUM]: IBM StoredIQ 7.6.0.0 through 7.6.0.18 could allow an authenticated user to obtain sensitive information that a privileged user should only be allowed to view. IBM X-Force ID: 158696.
Sources: cvelistv5, nvd
CVE-2019-4166 | MEDIUM | CVSS 6.1 | ≥ 7.6.0.0, ≤ 7.6.0.18 | v7.6 | 2019-04-30
CVE-2019-4166 [MEDIUM] CWE-601: IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker
Sources: cvelistv5, nvd
CVE-2018-1927 | HIGH | CVSS 8.8 | ≥ 7.6.0.0, < 7.6.0.17 | v7.6 | 2018-11-30
CVE-2018-1927 [MEDIUM] CWE-352: IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118.
Sources: cvelistv5, nvd
CVE-2018-1928 | MEDIUM | CVSS 5.5 | ≥ 7.6.0.0, < 7.6.0.17 | v7.6.0 | 2018-11-30
CVE-2018-1928 [MEDIUM]: IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119.
Sources: cvelistv5, nvd
CVE-2018-1583 | MEDIUM | CVSS 5.4 | v7.6.0 | v7.6 | 2018-05-22
CVE-2018-1583 [MEDIUM]: IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data sources. IBM X-Force ID: 143331.
Sources: cvelistv5, nvd