Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-02 | CVE-2020-4292 | Information Exposure vulnerability in IBM Security Information Queue IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 uses a cross-domain policy file that includes domains that should not be trusted which could disclose sensitive information. | 5.0 |
| 2020-03-02 | CVE-2020-4283 | Use of Hard-coded Credentials vulnerability in IBM Security Information Queue IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 5.0 |
| 2020-02-27 | CVE-2019-4669 | SQL Injection vulnerability in IBM products IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. | 6.5 |
| 2020-02-26 | CVE-2019-4726 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2020-02-26 | CVE-2019-4598 | SQL Injection vulnerability in IBM Sterling B2B Integrator 5.2.0.0/5.2.6.36/5.2.6.5 IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. | 6.5 |
| 2020-02-26 | CVE-2019-4597 | SQL Injection vulnerability in IBM Sterling B2B Integrator 5.2.0.0/5.2.6.36/5.2.6.5 IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. | 6.5 |
| 2020-02-26 | CVE-2019-4537 | Unspecified vulnerability in IBM Websphere Service Registry and Repository 8.5 IBM WebSphere Service Registry and Repository 8.5 could allow a user to obtain sensitive version information that could be used in further attacks against the system. | 5.0 |
| 2020-02-25 | CVE-2019-4672 | Unspecified vulnerability in IBM Qradar Advisor 1.1/2.5.0 IBM QRadar Advisor 1.1 through 2.5 could allow an unauthorized attacker to obtain sensitive information from specially crafted HTTP requests that could aid in further attacks against the system. | 5.0 |
| 2020-02-25 | CVE-2019-4557 | Inadequate Encryption Strength vulnerability in IBM Qradar Advisor 1.1/2.5.0 IBM Qradar Advisor 1.1 through 2.5 with Watson uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2020-02-24 | CVE-2019-4745 | Incorrect Authorization vulnerability in IBM products IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. | 4.0 |