Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-20 CVE-2020-4756 Improper Resource Shutdown or Release vulnerability in IBM Elastic Storage Server and Spectrum Scale
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the kernel and cause a denial of service.
local
low complexity
ibm CWE-404
4.9
2020-10-20 CVE-2020-4749 Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies.
network
ibm CWE-565
4.3
2020-10-20 CVE-2020-4748 Cross-site Scripting vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2020-10-20 CVE-2019-4680 SQL Injection vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.5
2020-10-16 CVE-2020-4636 Command Injection vulnerability in IBM Resilient Security Orchestration Automation and Response 38.2
IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting.
network
low complexity
ibm CWE-77
6.5
2020-10-16 CVE-2020-4254 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium Big Data Intelligence 1.0
IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
2020-10-15 CVE-2019-4552 Unspecified vulnerability in IBM Security Access Manager and Security Verify Access
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks.
network
ibm
5.8
2020-10-14 CVE-2020-4395 Insufficient Session Expiration vulnerability in IBM Security Access Manager Appliance 9.0.7
IBM Security Access Manager Appliance 9.0.7 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
5.5
2020-10-12 CVE-2020-4740 Injection vulnerability in IBM Infosphere Information Server 11.5/11.7
IBM InfoSphere Information Server 11.5 and 11.7 are vulnerable to HTML injection.
4.3
2020-10-12 CVE-2020-4678 Information Exposure vulnerability in IBM Security Guardium 11.2
IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to.
network
low complexity
ibm CWE-200
4.0