Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-24 | CVE-2020-4267 | Missing Release of Resource after Effective Lifetime vulnerability in IBM MQ and MQ Appliance IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. | 4.0 |
| 2020-04-24 | CVE-2019-4751 | Information Exposure vulnerability in IBM Cloud APP Management 2019.3.0/2019.4.0 IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering. | 5.0 |
| 2020-04-24 | CVE-2019-4750 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud APP Management 2019.3.0/2019.4.0 IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
| 2020-04-23 | CVE-2020-4311 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Tivoli Monitoring 6.3.0 IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. | 6.9 |
| 2020-04-23 | CVE-2020-4202 | Improper Privilege Management vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). | 6.0 |
| 2020-04-17 | CVE-2020-4277 | Information Exposure vulnerability in IBM Tririga Application Platform 3.5.3/3.6.1.0 IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker formulate future attacks. | 5.0 |
| 2020-04-17 | CVE-2019-4644 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 4.3 |
| 2020-04-17 | CVE-2019-4446 | Missing Authorization vulnerability in IBM products IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. | 5.5 |
| 2020-04-16 | CVE-2020-4260 | Information Exposure vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. | 4.0 |
| 2020-04-16 | CVE-2019-4762 | Unspecified vulnerability in IBM MQ IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. | 5.0 |