Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-09 | CVE-2020-4995 | Insufficient Session Expiration vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session. | 5.3 |
| 2021-02-09 | CVE-2020-4791 | Improper Certificate Validation vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation. | 5.3 |
| 2021-02-09 | CVE-2020-4790 | Improper Input Validation vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. | 6.5 |
| 2021-02-08 | CVE-2021-20359 | Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Automation 20.0.2/20.0.3 IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. | 6.5 |
| 2021-02-08 | CVE-2021-20358 | Cleartext Storage of Sensitive Information vulnerability in IBM Cloud PAK for Automation 20.0.2/20.0.3 IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. | 6.5 |
| 2021-02-05 | CVE-2020-4832 | Unspecified vulnerability in IBM Powerha 7.2 IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. | 5.5 |
| 2021-02-04 | CVE-2020-5032 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable to a temporary denial of service attack when sent particular payloads. low complexity ibm | 4.3 |
| 2021-02-04 | CVE-2020-4828 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. | 6.5 |
| 2021-02-04 | CVE-2020-4827 | Cross-Site Request Forgery (CSRF) vulnerability in IBM API Connect IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2021-02-04 | CVE-2020-4826 | Cross-Site Request Forgery (CSRF) vulnerability in IBM API Connect IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |