Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-07 | CVE-2020-4893 | Cleartext Transmission of Sensitive Information vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. | 5.9 |
| 2021-01-07 | CVE-2020-4892 | Cross-site Scripting vulnerability in IBM Emptoris Contract Management 10.1.3.0 IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. | 5.4 |
| 2021-01-06 | CVE-2020-4336 | Information Exposure vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. | 5.3 |
| 2021-01-05 | CVE-2020-4761 | Information Exposure Through an Error Message vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2021-01-04 | CVE-2020-4928 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. | 6.7 |
| 2021-01-04 | CVE-2020-4918 | Authorization Bypass Through User-Controlled Key vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. | 4.4 |
| 2021-01-04 | CVE-2020-4916 | Cross-site Scripting vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. | 4.8 |
| 2021-01-04 | CVE-2020-4913 | Insufficiently Protected Credentials vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. | 4.4 |
| 2021-01-04 | CVE-2020-4910 | Cross-site Scripting vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. | 4.8 |
| 2021-01-04 | CVE-2020-4909 | Cross-site Scripting vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. | 4.8 |