Total
18246 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5070 | 1 Epignosishq | 1 Efront Lms | 2024-11-21 | 6.5 Medium |
| An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | ||||
| CVE-2019-4752 | 1 Ibm | 2 Emptoris Spend Analysis, Emptoris Strategic Supply Management Platform | 2024-11-21 | 8.8 High |
| IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348. | ||||
| CVE-2019-4680 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 8.8 High |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733. | ||||
| CVE-2019-4671 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 6.3 Medium |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437. | ||||
| CVE-2019-4669 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 6.3 Medium |
| IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254. | ||||
| CVE-2019-4651 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 9.8 Critical |
| IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170962. | ||||
| CVE-2019-4650 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 6.3 Medium |
| IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961. | ||||
| CVE-2019-4598 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167881. | ||||
| CVE-2019-4597 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167880. | ||||
| CVE-2019-4575 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 9.8 Critical |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 166801. | ||||
| CVE-2019-4483 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2024-11-21 | 9.8 Critical |
| IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067. | ||||
| CVE-2019-4481 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2024-11-21 | 9.8 Critical |
| IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064. | ||||
| CVE-2019-4387 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 8.8 High |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 162715. | ||||
| CVE-2019-4224 | 1 Ibm | 1 Pureapplication System | 2024-11-21 | 8.8 High |
| IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240. | ||||
| CVE-2019-4147 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | 7.2 High |
| IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413. | ||||
| CVE-2019-4032 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 9.8 Critical |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998. | ||||
| CVE-2019-4012 | 1 Ibm | 2 Bigfix Webui Profile Management, Bigfix Webui Software Distribution | 2024-11-21 | 9.8 Critical |
| IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886. | ||||
| CVE-2019-3797 | 2 Pivotal Software, Redhat | 2 Spring Data Java Persistence Api, Jboss Fuse | 2024-11-21 | N/A |
| This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly. | ||||
| CVE-2019-3792 | 1 Pivotal Software | 1 Concourse | 2024-11-21 | N/A |
| Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data. | ||||
| CVE-2019-3760 | 1 Dell | 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance | 2024-11-21 | 6.4 Medium |
| The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the data by supplying specially crafted input data to the affected application. | ||||