Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-27 CVE-2020-4350 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
2020-05-27 CVE-2020-4349 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
2020-05-27 CVE-2020-4348 Incorrect Authorization vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control.
network
low complexity
ibm CWE-863
4.0
2020-05-27 CVE-2020-4226 Information Exposure vulnerability in IBM MobileFirst Platform Foundation 8.0.0.0
IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters.
network
low complexity
ibm CWE-200
5.0
2020-05-20 CVE-2020-4461 Improper Input Validation vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification.
network
low complexity
ibm CWE-20
4.0
2020-05-19 CVE-2020-4412 Unspecified vulnerability in IBM Spectrum Scale
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability.
network
low complexity
ibm
5.0
2020-05-19 CVE-2020-4411 Improper Input Validation vulnerability in IBM Spectrum Scale
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system.
local
low complexity
ibm CWE-20
4.9
2020-05-19 CVE-2020-4286 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
ibm CWE-352
4.3
2020-05-14 CVE-2020-4365 Server-Side Request Forgery (SSRF) vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery.
network
low complexity
ibm CWE-918
4.0
2020-05-14 CVE-2020-4299 Information Exposure vulnerability in IBM Sterling File Gateway
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request.
network
low complexity
ibm CWE-200
4.0