Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-24 CVE-2020-4383 Improper Input Validation vulnerability in IBM Elastic Storage Server
IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services.
network | low complexity | ibm CWE-20 | 4.0
2020-08-24 CVE-2020-4170 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Guardium Insights 2.0.1
IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network | ibm CWE-352 | 4.3
2020-08-24 CVE-2018-1985 Classic Buffer Overflow vulnerability in IBM Security Rapport 3.6.1908.22/3.6.1908.26
IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic.
local | low complexity | ibm CWE-120 | 4.9
2020-08-20 CVE-2020-4687 Information Exposure vulnerability in IBM Content Navigator 3.0.0/3.0.7/3.0.8
IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to.
network | low complexity | ibm CWE-200 | 4.0
2020-08-20 CVE-2020-4548 Improper Input Validation vulnerability in IBM Content Navigator 3.0.0/3.0.7/3.0.8
IBM Content Navigator 3.0.7 and 3.0.8 are vulnerable to improper input validation.
network | low complexity | ibm CWE-20 | 4.0
2020-08-19 CVE-2020-4653 Open Redirect vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network | ibm CWE-601 | 5.8
2020-08-19 CVE-2020-4648 Incorrect Authorization vulnerability in IBM Planning Analytics 2.0
A vulnerability exists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so.
network | low complexity | ibm CWE-863 | 4.0
2020-08-17 CVE-2020-4686 Improper Privilege Management vulnerability in IBM products
IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to.
network | low complexity | ibm CWE-269 | 5.5
2020-08-14 CVE-2020-4662 Improper Authentication vulnerability in IBM Event Streams 10.0.0
IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation.
network | low complexity | ibm CWE-287 | 6.5
2020-08-13 CVE-2019-4582 Path Traversal vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.0.1
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system.
network | low complexity | ibm CWE-22 | 4.0