Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2020-05-28 CVE-2020-4248 Information Exposure Through an Error Message vulnerability in IBM Security Identity Governance and Intelligence 5.2.6
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
2.7
2020-05-17 CVE-2020-4345 SQL Injection vulnerability in IBM I 7.2/7.3/7.4
IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to.
local
low complexity
ibm CWE-89
3.3
2020-05-06 CVE-2019-4266 Improper Privilege Management vulnerability in IBM Maximo Anywhere
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device.
low complexity
ibm CWE-269
2.4
2020-04-08 CVE-2020-4164 Information Exposure Through an Error Message vulnerability in IBM Security Information Queue
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system.
network
low complexity
ibm CWE-209
2.7
2020-03-03 CVE-2020-4197 Insecure Storage of Sensitive Information vulnerability in IBM Tivoli Netcool/Omnibus 8.1.0
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system.
low complexity
ibm CWE-922
2.4
2020-02-13 CVE-2019-4666 Unspecified vulnerability in IBM Urbancode Build and Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents.
local
low complexity
ibm
2.3
2020-02-05 CVE-2019-4616 Missing Encryption of Sensitive Data vulnerability in IBM Cloud Automation Manager 3.2.1.0
IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies.
low complexity
ibm CWE-311
3.5
2020-01-28 CVE-2019-4635 Command Injection vulnerability in IBM Security Secret Server 10.6/10.7
IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements.
network
low complexity
ibm CWE-77
2.7
2020-01-28 CVE-2019-4636 Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.6/10.7
IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages.
network
low complexity
ibm CWE-209
2.7
2020-01-28 CVE-2019-4638 Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Security Secret Server 10.6/10.7
IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies.
network
high complexity
ibm CWE-565
3.7