Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-01 | CVE-2020-4414 | Unspecified vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. | 4.4 |
| 2020-07-01 | CVE-2020-4387 | Race Condition vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. | 4.7 |
| 2020-07-01 | CVE-2020-4386 | Race Condition vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. | 4.7 |
| 2020-07-01 | CVE-2020-4376 | Unspecified vulnerability in IBM MQ for HPE Nonstop 8.0.4/8.1.0 IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. | 6.5 |
| 2020-07-01 | CVE-2020-4355 | Unspecified vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. | 5.3 |
| 2020-07-01 | CVE-2019-4704 | Missing Encryption of Sensitive Data vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.2 IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2020-07-01 | CVE-2017-1659 | Cross-site Scripting vulnerability in IBM Inotes "HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. | 6.1 |
| 2020-06-29 | CVE-2020-4557 | Cross-site Scripting vulnerability in IBM products IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. | 5.4 |
| 2020-06-26 | CVE-2020-4565 | Information Exposure vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. | 5.9 |
| 2020-06-26 | CVE-2020-4223 | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.0.10/7.6.1.1 IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. | 5.4 |