Vulnerabilities > IBM > I > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-30 CVE-2021-38876 Cross-site Scripting vulnerability in IBM I 7.2/7.3/7.4
IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2019-11-09 CVE-2019-4450 Cross-site Scripting vulnerability in IBM I 7.2/7.3/7.4
IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2019-08-29 CVE-2019-4536 Improper Privilege Management vulnerability in IBM I 7.4
IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles.
local
high complexity
ibm CWE-269
6.3
6.3
2019-06-14 CVE-2019-4381 Credentials Management vulnerability in IBM I 7.2/7.3
IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC.
local
low complexity
ibm CWE-255
5.5
5.5
2019-01-31 CVE-2019-4040 Cross-site Scripting vulnerability in IBM I 7.2/7.3
IBM I 7.2 and 7.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1