Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2019-12-03 CVE-2019-4465 Improper Privilege Management vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-269
3.3
2019-11-22 CVE-2019-4214 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Smartcloud Analytics LOG Analysis
IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies.
network
high complexity
ibm CWE-732
3.7
2019-10-25 CVE-2019-4394 Unspecified vulnerability in IBM Cloud Orchestrator
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email.
local
low complexity
ibm
2.3
2019-10-25 CVE-2019-4395 Unspecified vulnerability in IBM Cloud Orchestrator
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files.
local
low complexity
ibm
3.3
2019-10-24 CVE-2019-4398 Files or Directories Accessible to External Parties vulnerability in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies.
local
low complexity
ibm CWE-552
3.3
2019-10-10 CVE-2019-4265 Insecure Storage of Sensitive Information vulnerability in IBM Maximo Anywhere
IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device.
low complexity
ibm CWE-922
2.4
2019-09-30 CVE-2019-4112 Improper Privilege Management vulnerability in IBM Websphere Extreme Scale
IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-269
3.3
2019-09-17 CVE-2019-4171 Missing Encryption of Sensitive Data vulnerability in IBM Cognos Controller
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies.
network
high complexity
ibm CWE-311
3.7
2019-09-17 CVE-2019-4271 Improper Input Validation vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability.
network
low complexity
ibm CWE-20
3.5
2019-08-29 CVE-2019-4132 Unspecified vulnerability in IBM Cloud Automation Manager 3.1.2
IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message.
local
low complexity
ibm
3.3