Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-08 | CVE-2019-4545 | Unspecified vulnerability in IBM QRadar Security Information and Event Manager: IBM QRadar SIEM 7.3 and 7.4 when configured to use Active Directory Authentication may be susceptible to spoofing attacks. | 4.3 |
2020-10-01 | CVE-2020-4576 | Unspecified vulnerability in IBM WebSphere Application Server: IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. | 5.0 |
2020-09-29 | CVE-2020-4607 | Improper Input Validation vulnerability in IBM Security Verify Privilege Vault Remote On-Premises 1.3.2: IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2) could allow a local user to bypass security restrictions due to improper input validation. | 4.6 |
2020-09-25 | CVE-2020-4727 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM InfoSphere Information Server 11.7: IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
2020-09-25 | CVE-2020-4531 | Unchecked Return Value vulnerability in IBM products: IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.0 |
2020-09-23 | CVE-2020-4340 | Improper Certificate Validation vulnerability in IBM Security Secret Server 10.7/10.7.000059/10.8: IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. | 4.3 |
2020-09-23 | CVE-2020-4324 | Improper Input Validation vulnerability in IBM Security Secret Server 10.7/10.7.000059/10.8: IBM Security Secret Server prior to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. | 4.0 |
2020-09-22 | CVE-2020-4622 | Use of Hard-coded Credentials vulnerability in IBM Data Risk Manager: IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 5.0 |
2020-09-22 | CVE-2020-4621 | Incorrect Authorization vulnerability in IBM Data Risk Manager: IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. | 6.5 |
2020-09-22 | CVE-2020-4619 | Cleartext Storage of Sensitive Information vulnerability in IBM Data Risk Manager: IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in clear text, which can be read by an authenticated user. | 4.0 |