Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-18 CVE-2021-20444 Cross-site Scripting vulnerability in IBM Maximo for Civil Infrastructure 7.6.2
IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2021-02-18 CVE-2020-4933 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2021-02-15 CVE-2020-4956 Resource Exhaustion vulnerability in IBM Spectrum Protect Operations Center
IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by an RPC that allows certain cache values to be set and dumped to a file.
high complexity
ibm CWE-400
4.8
2021-02-15 CVE-2020-4954 Session Fixation vulnerability in IBM Spectrum Protect Operations Center
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation.
low complexity
ibm CWE-384
5.4
2021-02-12 CVE-2021-20410 Insufficiently Protected Credentials vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in clear text which can be read by an authenticated user using man-in-the-middle techniques.
network
high complexity
ibm CWE-522
5.3
2021-02-12 CVE-2021-20408 Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to improper storage of a plaintext cryptographic key.
local
low complexity
ibm CWE-312
5.5
2021-02-12 CVE-2021-20406 Unspecified vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm
4.9
2021-02-11 CVE-2021-20404 Unspecified vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins.
network
low complexity
ibm
5.3
2021-02-11 CVE-2020-4768 Cross-site Scripting vulnerability in IBM Business Automation Workflow and Case Manager
IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2021-02-09 CVE-2020-4996 Unspecified vulnerability in IBM Security Identity Governance and Intelligence 5.2.6
IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials.
local
low complexity
ibm
5.5