Vulnerabilities > IBM > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-05 | CVE-2019-4616 | Missing Encryption of Sensitive Data vulnerability in IBM Cloud Automation Manager 3.2.1.0 IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. | 3.5 |
| 2020-01-28 | CVE-2019-4635 | Command Injection vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. | 2.7 |
| 2020-01-28 | CVE-2019-4636 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. | 2.7 |
| 2020-01-28 | CVE-2019-4638 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. | 3.7 |
| 2019-12-03 | CVE-2019-4465 | Improper Privilege Management vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2019-11-22 | CVE-2019-4214 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Smartcloud Analytics LOG Analysis IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. | 3.7 |
| 2019-10-25 | CVE-2019-4394 | Unspecified vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. | 2.3 |
| 2019-10-25 | CVE-2019-4395 | Unspecified vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. | 3.3 |
| 2019-10-24 | CVE-2019-4398 | Files or Directories Accessible to External Parties vulnerability in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. | 3.3 |
| 2019-10-10 | CVE-2019-4265 | Insecure Storage of Sensitive Information vulnerability in IBM Maximo Anywhere IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. | 2.4 |