Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2019-07-01 CVE-2019-4296 Information Exposure Through Log Files vulnerability in IBM Robotic Process Automation With Automation Anywhere 11.0.0.0/11.0.0.1/11.0.0.2
IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file.
local
low complexity
ibm CWE-532
3.3
2019-06-25 CVE-2019-4150 Improper Certificate Validation vulnerability in IBM Security Access Manager
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
network
high complexity
ibm CWE-295
3.7
2019-06-17 CVE-2019-4174 Improper Privilege Management vulnerability in IBM Cognos Controller
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-269
3.3
2019-06-17 CVE-2019-4177 Improper Privilege Management vulnerability in IBM Cognos Controller
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-269
3.3
2019-06-06 CVE-2019-4161 Unspecified vulnerability in IBM Security Information Queue 1.0.0/1.0.1/1.0.2
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 discloses sensitive information to unauthorized users.
local
low complexity
ibm
3.3
2019-06-06 CVE-2019-4218 Improper Privilege Management vulnerability in IBM Security Information Queue 1.0.0/1.0.1/1.0.2
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-269
3.3
2019-06-06 CVE-2019-4048 Improper Privilege Management vulnerability in IBM products
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine.
low complexity
ibm CWE-269
2.1
2019-05-22 CVE-2018-1991 Information Exposure vulnerability in IBM API Connect
IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers.
network
low complexity
ibm CWE-200
2.7
2019-05-20 CVE-2018-2005 Information Exposure vulnerability in IBM Bigfix Platform
IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions.
local
low complexity
ibm CWE-200
3.3
2019-05-07 CVE-2019-4207 Unspecified vulnerability in IBM Tririga Application Platform 3.5.3.0/3.6.0.0
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system.
local
low complexity
ibm
3.3