Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-16 | CVE-2020-4692 | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. | 6.5 |
| 2020-11-16 | CVE-2020-4672 | Cross-site Scripting vulnerability in IBM Business Automation Workflow 20.0.0.1 IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. | 5.4 |
| 2020-11-16 | CVE-2020-4671 | Information Exposure Through Log Files vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. | 6.5 |
| 2020-11-16 | CVE-2020-4665 | Unspecified vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2020-11-16 | CVE-2020-4566 | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. | 6.5 |
| 2020-11-16 | CVE-2020-4475 | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 6.5 |
| 2020-11-10 | CVE-2020-4760 | Cross-site Scripting vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. | 5.4 |
| 2020-11-10 | CVE-2020-4704 | Cross-site Scripting vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. | 5.4 |
| 2020-11-10 | CVE-2020-4568 | Insufficiently Protected Credentials vulnerability in IBM Security KEY Lifecycle Manager 3.0/3.0.1/4.0 IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. | 5.5 |
| 2020-11-09 | CVE-2020-4651 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Spatial Asset Management IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.8 |