Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-28 | CVE-2020-4317 | Cross-site Scripting vulnerability in IBM products IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. | 5.4 |
| 2020-07-28 | CVE-2019-4731 | Information Exposure vulnerability in IBM MQ Appliance 9.1.4 IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. | 5.5 |
| 2020-07-27 | CVE-2020-4498 | Information Exposure Through Log Files vulnerability in IBM MQ Appliance IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. | 4.4 |
| 2020-07-27 | CVE-2020-4408 | Insufficiently Protected Credentials vulnerability in IBM Qradar Advisory The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. | 4.6 |
| 2020-07-27 | CVE-2020-4405 | Information Exposure Through Log Files vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. | 4.3 |
| 2020-07-23 | CVE-2020-4447 | Cross-site Scripting vulnerability in IBM Filenet Content Manager 5.5.3/5.5.4 IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. | 5.4 |
| 2020-07-22 | CVE-2020-4399 | Unspecified vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. | 6.5 |
| 2020-07-22 | CVE-2020-4397 | Cleartext Transmission of Sensitive Information vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. | 5.9 |
| 2020-07-22 | CVE-2020-4369 | Cleartext Storage of Sensitive Information vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. | 5.5 |
| 2020-07-20 | CVE-2020-4527 | Session Fixation vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. | 5.9 |