Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-08 | CVE-2020-5019 | Injection vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.5 |
| 2021-01-08 | CVE-2020-5017 | Unspecified vulnerability in IBM Spectrum Protect 10.1.0/10.1.5/10.1.6 IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. | 5.5 |
| 2021-01-08 | CVE-2020-4667 | Improper Input Validation vulnerability in IBM Engineering Requirements Quality Assistant On-Premises IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. | 4.3 |
| 2021-01-08 | CVE-2020-4666 | Cross-site Scripting vulnerability in IBM Engineering Requirements Quality Assistant On-Premises IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. | 5.4 |
| 2021-01-08 | CVE-2020-4664 | Cross-site Scripting vulnerability in IBM Engineering Requirements Quality Assistant On-Premises IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. | 5.4 |
| 2021-01-08 | CVE-2020-4663 | Cross-site Scripting vulnerability in IBM Engineering Requirements Quality Assistant On-Premises IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. | 5.4 |
| 2021-01-08 | CVE-2020-4606 | XXE vulnerability in IBM Security Verify Privilege Manager IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 4.4 |
| 2021-01-07 | CVE-2020-4897 | Information Exposure Through an Error Message vulnerability in IBM products IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2021-01-07 | CVE-2020-4896 | Improper Input Validation vulnerability in IBM Emptoris Sourcing 10.1.0.0 IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. | 6.5 |
| 2021-01-07 | CVE-2020-4895 | Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. | 5.4 |