Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-11 | CVE-2020-4486 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2.0 thorugh 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. | 5.5 |
2020-08-11 | CVE-2020-4485 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to disable the Wincollect service which could aid an attacker in bypassing security mechanisms in future attacks. | 4.0 |
2020-08-10 | CVE-2020-4541 | Cross-site Scripting vulnerability in IBM Jazz Reporting Service 7.0/7.0.1 IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. | 4.3 |
2020-08-10 | CVE-2020-4539 | Cross-site Scripting vulnerability in IBM Jazz Reporting Service IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. | 4.3 |
2020-08-10 | CVE-2020-4533 | Cross-site Scripting vulnerability in IBM Jazz Reporting Service 6.0.6/6.0.6.1/7.0 IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. | 4.3 |
2020-08-05 | CVE-2020-4481 | XML Entity Expansion vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
2020-08-05 | CVE-2020-4243 | Session Fixation vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens. | 4.3 |
2020-08-04 | CVE-2020-4410 | Information Exposure vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. | 4.0 |
2020-08-03 | CVE-2020-4560 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager 3.2.4.0 IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. | 4.3 |
2020-08-03 | CVE-2020-4554 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM I2 Analysts Notebook 9.2.1/9.2.2 IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. | 6.9 |