Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-24 | CVE-2020-4327 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.7/10.7.000059: IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.0 |
2020-06-24 | CVE-2020-4323 | Cross-site Scripting vulnerability in IBM Security Secret Server 10.7/10.7.000059: IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. | 4.3 |
2020-06-24 | CVE-2020-4322 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Secret Server 10.7/10.7.000059: IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
2020-06-23 | CVE-2020-4188 | Use of Insufficiently Random Values vulnerability in IBM Security Guardium 10.6/11.1: IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. | 5.0 |
2020-06-17 | CVE-2020-4532 | Information Exposure vulnerability in IBM products: IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.0 |
2020-06-16 | CVE-2020-4320 | Improper Certificate Validation vulnerability in IBM MQ: IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. | 4.0 |
2020-06-16 | CVE-2020-4310 | Unspecified vulnerability in IBM MQ and Websphere MQ: IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. | 5.0 |
2020-06-15 | CVE-2020-4494 | Information Exposure vulnerability in IBM products: IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation, which can result in access to unauthorized resources. | 5.0 |
2020-06-15 | CVE-2020-4477 | Information Exposure vulnerability in IBM Spectrum Protect Plus: IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. | 4.0 |
2020-06-15 | CVE-2020-4471 | Improper Input Validation vulnerability in IBM Spectrum Protect Plus: IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by sending a specially crafted HTTP command to the remote server. | 6.4 |