Vulnerabilities > IBM > Data Risk Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-12 | CVE-2021-38915 | Cleartext Storage of Sensitive Information vulnerability in IBM Data Risk Manager 2.0.6 IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. | 6.5 |
| 2020-09-22 | CVE-2020-4619 | Cleartext Storage of Sensitive Information vulnerability in IBM Data Risk Manager IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. | 6.5 |
| 2020-09-22 | CVE-2020-4618 | Improper Input Validation vulnerability in IBM Data Risk Manager IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. | 4.9 |
| 2020-09-22 | CVE-2020-4616 | Unspecified vulnerability in IBM Data Risk Manager IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. | 5.3 |
| 2020-09-22 | CVE-2020-4615 | Cross-site Scripting vulnerability in IBM Data Risk Manager IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. | 5.4 |
| 2020-09-22 | CVE-2020-4612 | Unspecified vulnerability in IBM Data Risk Manager IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. | 6.5 |
| 2020-05-07 | CVE-2020-4430 | Path Traversal vulnerability in IBM Data Risk Manager IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. | 4.3 |