Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-19 | CVE-2020-4873 | Incorrect Authorization vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. | 5.3 |
| 2021-01-19 | CVE-2020-4871 | Insecure Storage of Sensitive Information vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. | 5.5 |
| 2021-01-13 | CVE-2020-4604 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. | 4.4 |
| 2021-01-13 | CVE-2020-4602 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. | 4.4 |
| 2021-01-13 | CVE-2020-4600 | Information Exposure Through an Error Message vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2021-01-13 | CVE-2020-4599 | Information Exposure Through an Error Message vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2021-01-13 | CVE-2020-4597 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2021-01-13 | CVE-2019-4687 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Guardium Data Encrpytion 3.0.0.2 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. | 5.3 |
| 2021-01-12 | CVE-2020-4838 | Cross-site Scripting vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. | 5.4 |
| 2021-01-12 | CVE-2020-4674 | Insecure Storage of Sensitive Information vulnerability in IBM Workload Automation 9.5 IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. | 4.3 |