IBM Storediq

IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links

CVE-2020-4224 5.5 - Medium - February 03, 2020

IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133.

Information Disclosure

IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user

CVE-2019-4167 6.5 - Medium - August 20, 2019

IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700.

Session Riding

IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow an authent

CVE-2019-4163 4.3 - Medium - July 31, 2019

IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow an authenticated user to obtain sensitive information that a privileged user should only be allowed to view. IBM X-Force ID: 158696.

IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote a

CVE-2019-4165 7.5 - High - July 31, 2019

IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to cause a denial of service attack using repeated requests to the server. IBM X-Force ID: 158698.

IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack

CVE-2019-4166 6.1 - Medium - April 30, 2019

IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699.

Open Redirect

IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user

CVE-2018-1927 8.8 - High - November 30, 2018

IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118.

Session Riding

IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to

CVE-2018-1928 5.5 - Medium - November 30, 2018

IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119.

IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions

CVE-2018-1583 5.4 - Medium - May 22, 2018

IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data sources. IBM X-Force ID: 143331.