Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2019-12-03 CVE-2019-4467 Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
2019-12-03 CVE-2019-4468 Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
2019-11-25 CVE-2018-2025 Incorrect Default Permissions vulnerability in IBM products
IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone.
local
low complexity
ibm CWE-276
3.6
2019-11-25 CVE-2019-4406 Improper Input Validation vulnerability in IBM Spectrum Protect Backup-Archive Client
IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerable to a denial of service attack due to a timing issue between client and server TCP/IP communications.
local
low complexity
ibm CWE-20
2.1
2019-11-22 CVE-2019-4243 Unspecified vulnerability in IBM Smartcloud Analytics LOG Analysis
IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks.
local
low complexity
ibm
3.6
2019-11-22 CVE-2019-4569 Cross-site Scripting vulnerability in IBM Tivoli Netcool/Impact
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
2019-11-12 CVE-2019-4652 Incorrect Default Permissions vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions.
local
low complexity
ibm CWE-276
3.6
2019-11-09 CVE-2019-4454 Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1/7.3.2
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
2019-11-09 CVE-2019-4470 Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1/7.3.2
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
2019-10-25 CVE-2019-4394 Improper Input Validation vulnerability in IBM Cloud Orchestrator
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email.
local
low complexity
ibm CWE-20
2.1