Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-24 | CVE-2020-4309 | Information Exposure vulnerability in IBM Content Navigator 3.0.0: IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. | 5.0 |
2020-03-24 | CVE-2020-4253 | Insufficient Session Expiration vulnerability in IBM Content Navigator 3.0.0: IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.5 |
2020-03-24 | CVE-2019-4681 | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Impact: IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. | 4.3 |
2020-03-24 | CVE-2019-4553 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect: IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
2020-03-19 | CVE-2020-4205 | Improper Authentication vulnerability in IBM Datapower Gateway: IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revoked. | 6.5 |
2020-03-19 | CVE-2020-4203 | Information Exposure vulnerability in IBM Datapower Gateway: IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. | 4.0 |
2020-03-18 | CVE-2020-4199 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Netcool/Omnibus 8.1.0: IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
2020-03-16 | CVE-2019-4656 | Improper Input Validation vulnerability in IBM MQ, MQ Appliance and Websphere MQ: IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. | 4.0 |
2020-03-09 | CVE-2020-4217 | Improper Check for Unusual or Exceptional Conditions vulnerability in IBM Spectrum Scale: The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. | 5.0 |
2020-03-05 | CVE-2020-4278 | Improper Privilege Management vulnerability in IBM products: IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix environment. | 4.6 |