Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-09-22 | CVE-2020-4618 | Improper Input Validation vulnerability in IBM Data Risk Manager | IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. | 4.0 |
2020-09-22 | CVE-2020-4617 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Data Risk Manager | IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 5.8 |
2020-09-22 | CVE-2020-4616 | Information Exposure vulnerability in IBM Data Risk Manager | IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. | 5.0 |
2020-09-22 | CVE-2020-4614 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Data Risk Manager | IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. | 5.0 |
2020-09-22 | CVE-2020-4613 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Data Risk Manager | IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
2020-09-22 | CVE-2020-4612 | Information Exposure vulnerability in IBM Data Risk Manager | IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. | 4.0 |
2020-09-22 | CVE-2020-4611 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Data Risk Manager | IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. | 6.5 |
2020-09-21 | CVE-2020-4643 | XXE vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.0 |
2020-09-21 | CVE-2020-4731 | Cross-site Scripting vulnerability in IBM Aspera Shares 1.9.14 | IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. | 4.3 |
2020-09-21 | CVE-2020-4590 | Unspecified vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. | 4.0 |