Vulnerabilities > IBM > I2 Analyze > 4.3.1

DATE CVE VULNERABILITY TITLE RISK
2021-07-26 CVE-2021-20430 Information Exposure Through an Error Message vulnerability in IBM I2 Analyze 4.3.0/4.3.1/4.3.2
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.0
5.0
2021-07-26 CVE-2021-29766 Information Exposure Through an Error Message vulnerability in IBM I2 Analyze 4.3.0/4.3.1/4.3.2
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.0
5.0
2021-07-26 CVE-2021-29769 Cleartext Transmission of Sensitive Information vulnerability in IBM I2 Analyze 4.3.0/4.3.1/4.3.2
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies.
network
ibm CWE-319
4.3
4.3
2021-07-26 CVE-2021-29770 Missing Authorization vulnerability in IBM I2 Analyze 4.3.0/4.3.1/4.3.2
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation.
network
low complexity
ibm CWE-862
4.0
4.0
2021-07-26 CVE-2021-29784 Information Exposure Through an Error Message vulnerability in IBM I2 Analyze 4.3.0/4.3.1/4.3.2
IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.0
4.0