Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-30 | CVE-2020-4944 | Cleartext Storage of Sensitive Information vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. | 5.5 |
2021-03-30 | CVE-2020-4884 | Cleartext Storage of Sensitive Information vulnerability in IBM Urbancode Deploy 6.2.7.9/7.0.5.4/7.1.1.1 IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in clear text, which can be read by a local user. | 5.5 |
2021-03-30 | CVE-2020-4848 | Unspecified vulnerability in IBM Urbancode Deploy 6.2.7.9/7.0.5.4/7.1.1.1 IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. | 5.4 |
2021-03-22 | CVE-2020-4882 | Server-Side Request Forgery (SSRF) vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. | 6.1 |
2021-03-19 | CVE-2020-4635 | Unspecified vulnerability in IBM Soar 40.0 IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames. | 5.3 |
2021-03-16 | CVE-2020-4891 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user to brute force REST API account credentials. | 5.5 |
2021-03-16 | CVE-2020-4890 | Unspecified vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absent rate limiting. | 4.4 |
2021-03-16 | CVE-2020-4851 | Injection vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. | 5.5 |
2021-03-15 | CVE-2021-20440 | Unspecified vulnerability in IBM API Connect IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recipient. | 4.3 |
2021-03-11 | CVE-2021-20336 | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus Webgui 8.1.0 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. | 5.4 |