Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-36192

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-26 Dec, 2025 | 13:58
Updated At-26 Dec, 2025 | 15:15
Rejected At-
Credits

Missing Authorization with the DS8900F and DS8A00 Hardware Management Console

IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0) 10.1.3.010.2.45.0 and IBM DS8900F ( R9.4) 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS Logical corruption protection mechanisms.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:26 Dec, 2025 | 13:58
Updated At:26 Dec, 2025 | 15:15
Rejected At:
▼CVE Numbering Authority (CNA)
Missing Authorization with the DS8900F and DS8A00 Hardware Management Console

IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0) 10.1.3.010.2.45.0 and IBM DS8900F ( R9.4) 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS Logical corruption protection mechanisms.

Affected Products
Vendor
IBM CorporationIBM
Product
DS8A00( R10.1)
CPEs
  • cpe:2.3:o:ibm:ds8900f_firmware:89.40.83.0:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:ds8900f_firmware:89.44.5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:ds8900f_firmware:89.42.18.0:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:ds8900f_firmware:10.2.45.0:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:ds8900f_firmware:10.10.106.0:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:ds8900f_firmware:10.1.3.0:*:*:*:*:*:*:*
Versions
Affected
  • 10.10.106.0 (semver)
Vendor
IBM CorporationIBM
Product
DS8A00 ( R10.0)
Versions
Affected
  • 10.1.3.0
  • 10.2.45.0
Vendor
IBM CorporationIBM
Product
DS8900F ( R9.4)
Versions
Affected
  • 89.40.83.0
  • 89.42.18.0
  • 89.44.5.0
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

DS8A00 fixes are delivered in Microcode Bundle 10.11.30.0 R10.1.1   DS8900F fixes are delivered in Microcode Bundle 89.44.17.0 R9.4 SP4.2   DS8A00 customers should either schedule Remote Code Load (RCL) via https://www.ibm.com/support/pages/ibm-remote-code-load  or contact IBM support, and request that 10.11.30.0 be applied to their systems.DS8900F customers should either schedule Remote Code Load (RCL) via https://www.ibm.com/support/pages/ibm-remote-code-load  or contact IBM support, and request that 89.44.17.0 be applied to their systems. ICS Installation Guidelines: The ICS(es) listed below remediate critical severity vulnerabilities a) ICS CVE_4Q2025_v1.0.iso includes remediation for CVE-2024-52533 , CVE-2025-49796 , CVE-2025-49794 and is available for DS8900F and DS8A00. b) ICS CVE_4Q2025_v1.1.iso includes remediation for CVE-2025-23048 and is available for DS8900F and DS8A00. DS8900Fsystem with R9.4 LIC bundle but below 89.44.17.0 or DS8A00 with R10.0 LIC bundle but below 10.11.30.0 are recommended to install both of the above mentioned ICS(es). Customers should should either contact Remote Code Load (RCL) via https://www.ibm.com/support/pages/ibm-remote-code-load  or contact IBM support to load the above mentioned ICS(es). Note: The above ICS(es) are not supported for DS8900F with LIC bundle below R9.4. Customers should either contact Remote Code Load (RCL) via https://www.ibm.com/support/pages/ibm-remote-code-load  or contact IBM support to load the recommended or latest LIC bundle on the DS8900F system.

Configurations
Workarounds

DS8900F and DS8A00 commonly known as DS8K is installed in client data center and clients control access to the system. DS8K offers multiple security features like LDAP, Multi-factor authentication, audit logging etc., that allows clients to control and audit personnel access to their DS8K. In addition, DS8K has implemented IBM approved challenge-response system to control IBM service personnel accessing the system either locally or remotely. So, a malicious attacker must meticulously bypass multiple layers of authentication by exploiting known open-source vulnerabilities to gain access to DS8K. The first step would be gaining access through the client infrastructure. While the issue must be mitigated at the earliest, it doesn’t pose an immediate vulnerability due to existing access controls implemented in DS8K. In addition, DS8K supports deployment of code fixes either via remote code load process or locally by IBM personnel. DS8K clients can deploy code fixes too.

Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7255039
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7255039
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:26 Dec, 2025 | 14:15
Updated At:14 Jan, 2026 | 21:09

IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0) 10.1.3.010.2.45.0 and IBM DS8900F ( R9.4) 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS Logical corruption protection mechanisms.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Primary3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CPE Matches
IBM Corporation
ibm
>>ds8a00_firmware>>10.10.106.0
cpe:2.3:o:ibm:ds8a00_firmware:10.10.106.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>ds8a00>>10.1
cpe:2.3:h:ibm:ds8a00:10.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>ds8a00_firmware>>10.1.3.0
cpe:2.3:o:ibm:ds8a00_firmware:10.1.3.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>ds8a00_firmware>>10.2.45.0
cpe:2.3:o:ibm:ds8a00_firmware:10.2.45.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>ds8a00>>10.0
cpe:2.3:h:ibm:ds8a00:10.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>ds8a00_firmware>>89.40.83.0
cpe:2.3:o:ibm:ds8a00_firmware:89.40.83.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>ds8a00_firmware>>89.42.18.0
cpe:2.3:o:ibm:ds8a00_firmware:89.42.18.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>ds8a00_firmware>>89.44.5.0
cpe:2.3:o:ibm:ds8a00_firmware:89.44.5.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>ds8a00>>9.4
cpe:2.3:h:ibm:ds8a00:9.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Secondarypsirt@us.ibm.com
CWE ID: CWE-862
Type: Secondary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7255039psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7255039
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

17Records found
CVE-2022-22369
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 11.24%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 16:50
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to crash. IBM X-Force ID: 221187.

Action-Not Available
Vendor-IBM Corporation
Product-workload_schedulerWorkload Scheduler
CVE-2020-4669
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.78% / 73.27%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 17:10
Updated-16 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analytics_cloudplanning_analytics_localPlanning Analytics Local
CWE ID-CWE-862
Missing Authorization
CVE-2025-36367
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.06% / 19.18%
||
7 Day CHG~0.00%
Published-01 Nov, 2025 | 12:01
Updated-05 Nov, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i is affected by a privilege escalation in IBM i SQL services

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-862
Missing Authorization
CVE-2025-36361
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 18.27%
||
7 Day CHG~0.00%
Published-24 Oct, 2025 | 09:35
Updated-28 Oct, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA

IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.

Action-Not Available
Vendor-IBM Corporation
Product-app_connect_enterpriseApp Connect Enterprise
CWE ID-CWE-862
Missing Authorization
CVE-2023-47148
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.42%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 12:51
Updated-02 Aug, 2024 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Protect Plus Server information disclosure

IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelspectrum_protect_plusStorage Protect Plus Serverstorage_protect_plus
CWE ID-CWE-862
Missing Authorization
CVE-2019-4158
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.30%
||
7 Day CHG~0.00%
Published-25 Jun, 2019 | 15:45
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managerSecurity Access Manager
CWE ID-CWE-862
Missing Authorization
CVE-2023-40376
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.66%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 13:46
Updated-19 Sep, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM UrbanCode Deploy (UCD) improper authentication controls

IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-287
Improper Authentication
CVE-2022-43581
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.25%
||
7 Day CHG~0.00%
Published-07 Dec, 2022 | 17:07
Updated-22 Apr, 2025 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Content Navigator code execution

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.

Action-Not Available
Vendor-IBM Corporation
Product-content_navigatorContent Navigator
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-862
Missing Authorization
CVE-2020-4841
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.26% / 48.89%
||
7 Day CHG~0.00%
Published-21 Dec, 2020 | 18:05
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 190045.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowssecurity_secret_serverSecurity Secret Server
CWE ID-CWE-862
Missing Authorization
CVE-2020-4348
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.29%
||
7 Day CHG~0.00%
Published-27 May, 2020 | 13:15
Updated-16 Sep, 2024 | 22:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-862
Missing Authorization
CVE-2020-4926
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.16% / 36.64%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 16:20
Updated-16 Sep, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_scalelinux_kernelelastic_storage_systemSpectrum ScaleElastic Storage System
CWE ID-CWE-862
Missing Authorization
CVE-2020-5022
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 37.81%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 19:10
Updated-16 Sep, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelspectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-4783
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 38.54%
||
7 Day CHG~0.00%
Published-23 Nov, 2020 | 16:55
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelspectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-862
Missing Authorization
CVE-2020-4413
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.25% / 47.66%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 14:10
Updated-16 Sep, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 179988.

Action-Not Available
Vendor-IBM Corporation
Product-security_secret_serverSecurity Secret Server
CWE ID-CWE-862
Missing Authorization
CVE-2020-4816
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 48.89%
||
7 Day CHG~0.00%
Published-27 Jan, 2021 | 13:05
Updated-16 Sep, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189703.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityCloud Pak for Security
CWE ID-CWE-862
Missing Authorization
CVE-2020-4175
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.30% / 52.72%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 12:40
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174684.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_insightsSecurity Guardium Insights
CWE ID-CWE-862
Missing Authorization
CVE-2020-10684
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.9||HIGH
EPSS-0.02% / 5.97%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 00:00
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Fedora Project
Product-debian_linuxopenstackfedoraansibleansible_towerAnsible
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Details not found