Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-21 CVE-2020-4581 Unspecified vulnerability in IBM DataPower Gateway
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request.
network
low complexity
ibm
5.0
2020-09-21 CVE-2020-4580 Unspecified vulnerability in IBM DataPower Gateway
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted JSON request with invalid characters.
network
low complexity
ibm
5.0
2020-09-21 CVE-2020-4579 Unspecified vulnerability in IBM DataPower Gateway
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters.
network
low complexity
ibm
5.0
2020-09-21 CVE-2020-4315 Insecure Storage of Sensitive Information vulnerability in IBM Business Automation Content Analyzer on Cloud 1.0
IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies.
network
ibm CWE-922
4.3
2020-09-16 CVE-2020-4708 Information Exposure vulnerability in IBM Security Trusteer Pinpoint Detect 11.6.5
IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header.
network
low complexity
ibm CWE-200
5.0
2020-09-16 CVE-2020-4409 Open Redirect vulnerability in IBM products
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack.
network
ibm CWE-601
5.8
2020-09-15 CVE-2020-8339 Cross-site Scripting vulnerability in IBM BladeCenter Advanced Management Module Firmware
A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N].
network
ibm CWE-79
4.3
2020-09-15 CVE-2020-4711 Path Traversal vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
4.0
2020-09-15 CVE-2020-4703 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be used to execute arbitrary code on the vulnerable server.
network
ibm CWE-434
6.0
2020-09-15 CVE-2020-4526 Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
ibm CWE-352
4.3