Vulnerabilities > IBM > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-22 | CVE-2019-4214 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Smartcloud Analytics LOG Analysis IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. | 3.7 |
| 2019-10-25 | CVE-2019-4394 | Unspecified vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. | 2.3 |
| 2019-10-25 | CVE-2019-4395 | Unspecified vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. | 3.3 |
| 2019-10-24 | CVE-2019-4398 | Files or Directories Accessible to External Parties vulnerability in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. | 3.3 |
| 2019-10-10 | CVE-2019-4265 | Insecure Storage of Sensitive Information vulnerability in IBM Maximo Anywhere IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. | 2.4 |
| 2019-09-30 | CVE-2019-4112 | Improper Privilege Management vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2019-09-17 | CVE-2019-4171 | Missing Encryption of Sensitive Data vulnerability in IBM Cognos Controller IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. | 3.7 |
| 2019-09-17 | CVE-2019-4271 | Improper Input Validation vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. | 3.5 |
| 2019-08-29 | CVE-2019-4132 | Unspecified vulnerability in IBM Cloud Automation Manager 3.1.2 IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. | 3.3 |
| 2019-07-17 | CVE-2019-4054 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. | 3.3 |