Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-11 | CVE-2020-4976 | Incorrect Default Permissions vulnerability in multiple products IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. | 4.4 |
| 2021-03-10 | CVE-2020-5016 | Path Traversal vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. | 6.5 |
| 2021-03-10 | CVE-2020-4717 | Link Following vulnerability in IBM Spss Modeler A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write arbitrary file in another protected path during product installation. | 5.5 |
| 2021-03-09 | CVE-2021-20341 | Unspecified vulnerability in IBM Cloud PAK for Multicloud Management Monitoring 2.0.0/2.2.0 IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. | 5.3 |
| 2021-03-08 | CVE-2020-5014 | Server-Side Request Forgery (SSRF) vulnerability in IBM Datapower Gateway IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. | 6.7 |
| 2021-03-08 | CVE-2020-4903 | Unspecified vulnerability in IBM API Connect IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. | 6.5 |
| 2021-03-04 | CVE-2021-20351 | Cross-site Scripting vulnerability in IBM products IBM Engineering products are vulnerable to cross-site scripting. | 5.4 |
| 2021-03-04 | CVE-2021-20350 | Cross-site Scripting vulnerability in IBM products IBM Engineering products are vulnerable to cross-site scripting. | 5.4 |
| 2021-03-04 | CVE-2021-20340 | Cross-site Scripting vulnerability in IBM products IBM Engineering products are vulnerable to cross-site scripting. | 5.4 |
| 2021-03-04 | CVE-2020-4975 | Cross-site Scripting vulnerability in IBM products IBM Engineering products are vulnerable to cross-site scripting. | 5.4 |