Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-12 | CVE-2020-4388 | Improper Handling of Exceptional Conditions vulnerability in IBM Cognos Analytics: IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet, which also exposes debug information that could be used in future attacks. | 6.4 |
2020-10-12 | CVE-2020-4781 | Improper Input Validation vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: Improper input validation before calling the Java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. | 4.0 |
2020-10-12 | CVE-2020-4780 | Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: OOTB build scripts do not set the secure attribute on the session cookie, which may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 5.0 |
2020-10-12 | CVE-2020-4779 | Improper Authentication vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: An HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 5.5 |
2020-10-12 | CVE-2020-4778 | Inadequate Encryption Strength vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: IBM Curam Social Program Management 7.0.9 and 7.0.10 uses the MD5 algorithm for hashing a token in a single instance, which is less safe than the default SHA-256 cryptographic algorithm used throughout the Cúram application. | 5.0 |
2020-10-12 | CVE-2020-4776 | Path Traversal vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. | 5.0 |
2020-10-12 | CVE-2020-4774 | Injection vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. | 5.5 |
2020-10-12 | CVE-2020-4773 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. | 4.3 |
2020-10-12 | CVE-2020-4772 | XXE vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 5.5 |
2020-10-08 | CVE-2020-4799 | Out-of-bounds Write vulnerability in IBM Informix Dynamic Server 14.10: IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out-of-bounds write vulnerability. | 4.6 |