Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-05-12 | CVE-2020-4346 | Information Exposure vulnerability in IBM API Connect | IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured API which can be exploited by an unauthenticated attacker to obtain sensitive information. | 5.0 |
2020-05-12 | CVE-2019-4478 | Information Exposure vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1/7.6.1.1 | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. | 4.0 |
2020-05-11 | CVE-2019-4667 | Information Exposure vulnerability in IBM UrbanCode Deploy 7.0.5.2 | IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
2020-05-07 | CVE-2020-4430 | Path Traversal vulnerability in IBM Data Risk Manager | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. | 4.0 |
2020-05-06 | CVE-2020-4446 | Incorrect Authorization vulnerability in IBM products | IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform sufficient authorization checks. | 4.0 |
2020-05-06 | CVE-2020-4421 | Improper Authentication vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another user's identity. | 5.5 |
2020-05-06 | CVE-2020-10693 | Improper Input Validation vulnerability in multiple products | A flaw was found in Hibernate Validator version 6.1.2.Final. | 5.3 |
2020-05-04 | CVE-2020-4209 | Path Traversal vulnerability in IBM Spectrum Protect Plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. | 5.5 |
2020-04-28 | CVE-2020-4329 | Information Exposure vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. | 4.0 |
2020-04-27 | CVE-2019-4729 | Information Exposure Through an Error Message vulnerability in multiple products | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.0 |