Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-04 | CVE-2019-4562 | Information Exposure vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 stores sensitive information in URLs. | 5.0 |
| 2020-02-04 | CVE-2019-4551 | Missing Authentication for Critical Function vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 5.0 |
| 2020-02-04 | CVE-2019-4550 | Unspecified vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. | 5.0 |
| 2020-02-04 | CVE-2019-4548 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
| 2020-02-04 | CVE-2019-4541 | Improper Input Validation vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. | 6.5 |
| 2020-02-04 | CVE-2019-4540 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2020-02-03 | CVE-2019-4732 | Untrusted Search Path vulnerability in IBM SDK and Websphere Application Server IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. | 6.9 |
| 2020-01-31 | CVE-2019-4720 | Allocation of Resources Without Limits or Throttling vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. | 5.0 |
| 2020-01-28 | CVE-2019-4707 | XXE vulnerability in IBM Security Access Manager 9.0.7.0 IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2020-01-28 | CVE-2019-4679 | Unspecified vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could be used in further attacks against the system. | 4.0 |