Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2020-09-30 CVE-2020-4629 Information Exposure Through an Error Message vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message.
local
low complexity
ibm CWE-209
3.3
2020-09-15 CVE-2020-4344 Insecure Storage of Sensitive Information vulnerability in IBM Tivoli Business Service Manager 6.2.0.0
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-922
3.3
2020-08-28 CVE-2020-4591 Missing Encryption of Sensitive Data vulnerability in IBM Spectrum Protect Server
IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool.
local
low complexity
ibm CWE-311
3.3
2020-08-26 CVE-2019-4695 Insecure Storage of Sensitive Information vulnerability in IBM Guardium Data Encryption 3.0.0.2
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-922
3.3
2020-08-26 CVE-2019-4699 Information Exposure Through an Error Message vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data.
network
low complexity
ibm CWE-209
2.7
2020-08-20 CVE-2020-4548 Improper Input Validation vulnerability in IBM Content Navigator 3.0.0/3.0.7/3.0.8
IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation.
network
low complexity
ibm CWE-20
2.7
2020-08-05 CVE-2020-4243 Session Fixation vulnerability in IBM Security Identity Governance and Intelligence 5.2.6
IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens.
network
high complexity
ibm CWE-384
3.7
2020-07-22 CVE-2020-4371 Insecure Storage of Sensitive Information vulnerability in IBM Verify Gateway 1.0.0/1.0.1
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system.
local
low complexity
ibm CWE-922
3.3
2020-07-01 CVE-2019-4705 Unspecified vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.2
IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users.
network
low complexity
ibm
2.7
2020-07-01 CVE-2019-4706 Information Exposure Through Log Files vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.2
IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
network
low complexity
ibm CWE-532
2.7