Vulnerabilities > IBM > Intelligent Operations Center

DATE CVE VULNERABILITY TITLE RISK
2020-07-28 CVE-2020-4318 Cross-site Scripting vulnerability in IBM products
IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2020-07-28 CVE-2020-4317 Cross-site Scripting vulnerability in IBM products
IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-09-05 CVE-2019-4321 Weak Password Requirements vulnerability in IBM products
IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
7.5
2019-08-20 CVE-2019-4420 Information Exposure Through an Error Message vulnerability in IBM products
IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system.
local
low complexity
ibm CWE-209
6.2
2019-08-20 CVE-2019-4419 XXE vulnerability in IBM products
IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2019-06-07 CVE-2019-4070 Cross-site Scripting vulnerability in IBM products
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-06-07 CVE-2019-4069 Unrestricted Upload of File with Dangerous Type vulnerability in IBM products
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content.
network
low complexity
ibm CWE-434
8.8
2019-06-07 CVE-2019-4068 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM products
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system.
network
low complexity
ibm CWE-307
7.5
2019-06-07 CVE-2019-4067 Weak Password Requirements vulnerability in IBM products
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
7.5
2019-06-07 CVE-2019-4066 Unspecified vulnerability in IBM products
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution.
network
low complexity
ibm
8.8