Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-11 CVE-2020-4486 Unspecified vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation.
network
low complexity
ibm
5.5
2020-08-11 CVE-2020-4485 Unspecified vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to disable the WinCollect service, which could aid an attacker in bypassing security mechanisms in future attacks.
network
low complexity
ibm
4.0
2020-08-10 CVE-2020-4541 Cross-site Scripting vulnerability in IBM Jazz Reporting Service 7.0/7.0.1
IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2020-08-10 CVE-2020-4539 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2020-08-10 CVE-2020-4533 Cross-site Scripting vulnerability in IBM Jazz Reporting Service 6.0.6/6.0.6.1/7.0
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2020-08-05 CVE-2020-4481 XML Entity Expansion vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-776
6.4
2020-08-05 CVE-2020-4243 Session Fixation vulnerability in IBM Security Identity Governance and Intelligence 5.2.6
IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man-in-the-middle techniques due to not properly invalidating session tokens.
network
ibm CWE-384
4.3
2020-08-04 CVE-2020-4410 Information Exposure vulnerability in IBM products
IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to.
network
low complexity
ibm CWE-200
4.0
2020-08-03 CVE-2020-4560 Cross-site Scripting vulnerability in IBM Financial Transaction Manager 3.2.4.0
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2020-08-03 CVE-2020-4554 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM I2 Analysts Notebook 9.2.1/9.2.2
IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.
local
ibm CWE-119
6.9