Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-15 | CVE-2019-4671 | SQL Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. | 6.5 |
| 2020-09-04 | CVE-2020-4632 | Server-Side Request Forgery (SSRF) vulnerability in IBM Infosphere Metadata Asset Manager 11.7 IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. | 4.0 |
| 2020-09-03 | CVE-2020-4638 | Improper Privilege Management vulnerability in IBM API Connect IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. | 6.5 |
| 2020-09-03 | CVE-2020-4337 | Unspecified vulnerability in IBM API Connect IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. network ibm | 4.3 |
| 2020-09-01 | CVE-2012-3340 | XML Entity Expansion vulnerability in IBM Infosphere Guardium 8.0/8.0.1/8.2 IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. | 4.0 |
| 2020-09-01 | CVE-2012-3338 | Improper Input Validation vulnerability in IBM Infosphere Guardium 8.0/8.01/8.2 IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. | 5.0 |
| 2020-09-01 | CVE-2012-3337 | Path Traversal vulnerability in IBM Infosphere Guardium 8.0/8.01/8.2 IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. | 5.0 |
| 2020-09-01 | CVE-2012-3336 | SQL Injection vulnerability in IBM Infosphere Guardium 8.0/8.01/8.2 IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. | 6.5 |
| 2020-08-28 | CVE-2020-4559 | Improper Input Validation vulnerability in IBM Spectrum Protect IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. | 5.0 |
| 2020-08-28 | CVE-2019-4579 | Unspecified vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0 IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. | 4.0 |