Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK

2020-07-30 CVE-2020-4185 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium 10.5/10.6/11.1
IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network, low complexity, ibm CWE-327, 5.0

2020-07-29 CVE-2020-4644 Improper Input Validation vulnerability in IBM Planning Analytics Local
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim.
network, ibm CWE-20, 5.8

2020-07-29 CVE-2020-4573 Information Exposure vulnerability in IBM Security Key Lifecycle Manager 3.0.1/4.0
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests.
network, low complexity, ibm CWE-200, 5.0

2020-07-29 CVE-2020-4572 Information Exposure vulnerability in IBM Security Key Lifecycle Manager 3.0.1/4.0
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network, low complexity, ibm CWE-200, 5.0

2020-07-29 CVE-2020-4569 Unspecified vulnerability in IBM Security Key Lifecycle Manager 3.0.1/4.0
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
network, low complexity, ibm, 6.4

2020-07-29 CVE-2020-4567 Insufficiently Protected Credentials vulnerability in IBM Security Key Lifecycle Manager 3.0.1/4.0
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network, low complexity, ibm CWE-522, 5.0

2020-07-29 CVE-2020-4463 XXE vulnerability in IBM Maximo Asset Management 7.6.0.1/7.6.0.2
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network, low complexity, ibm CWE-611, 6.4

2020-07-28 CVE-2020-4465 Classic Buffer Overflow vulnerability in IBM MQ Appliance
IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code.
network, low complexity, ibm CWE-120, 4.0

2020-07-28 CVE-2020-4375 Missing Release of Resource after Effective Lifetime vulnerability in IBM MQ Appliance
IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue.
network, low complexity, ibm CWE-772, 5.0

2020-07-27 CVE-2020-4405 Information Exposure Through Log Files vulnerability in IBM Verify Gateway 1.0.0/1.0.1
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files.
network, low complexity, ibm CWE-532, 4.0