Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-27 | CVE-2020-4575 | Cross-site Scripting vulnerability in IBM products IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. | 6.1 |
| 2020-08-27 | CVE-2020-4175 | Missing Authorization vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2020-08-27 | CVE-2020-4172 | Information Exposure vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. | 5.3 |
| 2020-08-27 | CVE-2020-4171 | Insecure Storage of Sensitive Information vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. | 4.3 |
| 2020-08-27 | CVE-2020-4167 | Improper Authentication vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authenciation mechanisms. | 6.5 |
| 2020-08-27 | CVE-2020-4166 | Information Exposure Through an Error Message vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2020-08-26 | CVE-2019-4701 | Unspecified vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. | 5.3 |
| 2020-08-26 | CVE-2019-4697 | Insufficiently Protected Credentials vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user. | 6.5 |
| 2020-08-26 | CVE-2019-4693 | Insufficiently Protected Credentials vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. | 4.4 |
| 2020-08-26 | CVE-2019-4692 | Unspecified vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. | 5.3 |