Vulnerabilities > IBM > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-28 | CVE-2020-4248 | Information Exposure Through an Error Message vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 2.7 |
2020-05-17 | CVE-2020-4345 | SQL Injection vulnerability in IBM I 7.2/7.3/7.4 IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. | 3.3 |
2020-05-06 | CVE-2019-4266 | Improper Privilege Management vulnerability in IBM Maximo Anywhere IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. | 2.4 |
2020-04-08 | CVE-2020-4164 | Information Exposure Through an Error Message vulnerability in IBM Security Information Queue IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system. | 2.7 |
2020-03-03 | CVE-2020-4197 | Insecure Storage of Sensitive Information vulnerability in IBM Tivoli Netcool/Omnibus 8.1.0 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. | 2.4 |
2020-02-13 | CVE-2019-4666 | Unspecified vulnerability in IBM Urbancode Build and Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. | 2.3 |
2020-02-05 | CVE-2019-4616 | Missing Encryption of Sensitive Data vulnerability in IBM Cloud Automation Manager 3.2.1.0 IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. | 3.5 |
2020-01-28 | CVE-2019-4635 | Command Injection vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. | 2.7 |
2020-01-28 | CVE-2019-4636 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. | 2.7 |
2020-01-28 | CVE-2019-4638 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. | 3.7 |