Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2020-11-19 CVE-2020-4718 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting.
network
ibm CWE-79
3.5
3.5
2020-11-18 CVE-2020-4592 Unspecified vulnerability in IBM MQ Appliance 9.1.0.0
IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages.
network
ibm
3.5
3.5
2020-11-16 CVE-2020-4672 Cross-site Scripting vulnerability in IBM Business Automation Workflow 20.0.0.1
IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2020-11-16 CVE-2020-4705 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2020-11-13 CVE-2020-4886 Insecure Storage of Sensitive Information vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system.
local
low complexity
ibm CWE-922
2.1
2.1
2020-11-10 CVE-2020-4568 Insufficiently Protected Credentials vulnerability in IBM Security KEY Lifecycle Manager 3.0/3.0.1/4.0
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user.
local
low complexity
ibm CWE-522
2.1
2.1
2020-11-09 CVE-2020-4650 Information Exposure vulnerability in IBM Maximo Spatial Asset Management
IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-200
2.1
2.1
2020-11-09 CVE-2020-4651 Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Spatial Asset Management
IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. 		2.9
2.9
2020-11-05 CVE-2018-1725 Unspecified vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vulnerable to information disclosure.
local
low complexity
ibm
2.1
2.1
2020-11-03 CVE-2019-4349 Information Exposure vulnerability in IBM Maximo Anywhere
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromised the confidentiality and integrity of the service.
local
low complexity
ibm CWE-200
3.6
3.6