Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-24 CVE-2019-4595 Open Redirect vulnerability in IBM Sterling B2B Integrator 5.2.0.0/5.2.6.36/5.2.6.5
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
ibm CWE-601
5.8
2020-02-20 CVE-2019-4752 SQL Injection vulnerability in IBM products
IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x are vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.5
2020-02-20 CVE-2019-4583 Information Exposure Through an Error Message vulnerability in IBM Maximo Asset Management 7.6.0.10/7.6.1.1
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks.
network
low complexity
ibm CWE-209
4.0
2020-02-19 CVE-2020-4230 Improper Privilege Management vulnerability in IBM DB2 11.1/11.5
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands.
local
low complexity
ibm CWE-269
4.6
2020-02-19 CVE-2020-4200 Unspecified vulnerability in IBM DB2 10.5/11.1/11.5
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service.
network
low complexity
ibm
4.0
2020-02-19 CVE-2020-4161 Injection vulnerability in IBM DB2 11.5
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands.
network
low complexity
ibm CWE-74
4.0
2020-02-19 CVE-2020-4135
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.
network
low complexity
ibm netapp
5.0
2020-02-19 CVE-2019-4457 Unspecified vulnerability in IBM Jazz Foundation
IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system.
network
low complexity
ibm
4.0
2020-02-18 CVE-2012-0718 Unspecified vulnerability in IBM Tivoli Endpoint Manager 8.0
IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies.
network
ibm
5.8
2020-02-18 CVE-2013-3323 Improper Privilege Management vulnerability in IBM products
A privilege escalation vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2 when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
network
ibm CWE-269
6.8