Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-01 | CVE-2019-4706 | Information Exposure Through Log Files vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.2 IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. | 4.0 |
| 2020-07-01 | CVE-2019-4705 | Information Exposure vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.2 IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. | 4.0 |
| 2020-07-01 | CVE-2019-4704 | Incorrect Authorization vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.2 IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2020-07-01 | CVE-2017-1659 | Cross-site Scripting vulnerability in IBM Inotes "HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. | 4.3 |
| 2020-06-29 | CVE-2020-4452 | Information Exposure vulnerability in IBM API Connect IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2020-06-26 | CVE-2020-4565 | Information Exposure vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. | 4.3 |
| 2020-06-26 | CVE-2019-4650 | SQL Injection vulnerability in IBM Maximo Asset Management 7.6.1.1 IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. | 6.5 |
| 2020-06-24 | CVE-2020-4413 | Information Exposure vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
| 2020-06-24 | CVE-2020-4342 | Information Exposure vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. | 5.0 |
| 2020-06-24 | CVE-2020-4341 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.7/10.7.000059 IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.0 |