Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-27 | CVE-2020-4189 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. | 4.3 |
| 2021-01-27 | CVE-2020-4967 | Information Exposure vulnerability in IBM Cloud PAK for Security 1.3.0.1 IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. | 4.3 |
| 2021-01-27 | CVE-2020-4820 | Cross-site Scripting vulnerability in IBM Cloud PAK for Security 1.4.0.0 IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. | 6.1 |
| 2021-01-27 | CVE-2020-4816 | Missing Authorization vulnerability in IBM Cloud PAK for Security 1.4.0.0 IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2021-01-27 | CVE-2020-4815 | Information Exposure vulnerability in IBM Cloud PAK for Security 1.4.0.0 IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system. | 5.3 |
| 2021-01-27 | CVE-2020-4628 | Information Exposure Through an Error Message vulnerability in IBM Cloud PAK for Security 1.3.0.1/1.4.0.0 IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2021-01-21 | CVE-2020-4969 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2021-01-21 | CVE-2020-4968 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 6.5 |
| 2021-01-21 | CVE-2020-4966 | Link Following vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2021-01-20 | CVE-2020-4887 | Unspecified vulnerability in IBM AIX and Vios IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. | 5.5 |