Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-20 | CVE-2019-4736 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager FOR Multiplatform 3.0.0.0: IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
2019-12-20 | CVE-2019-4231 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
2019-12-20 | CVE-2018-1934 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Business Intelligence 10.2.2: IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
2019-12-18 | CVE-2019-4609 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect 2018.4.1.7: IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
2019-12-16 | CVE-2019-4560 | Improper Input Validation vulnerability in IBM MQ Appliance: IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. | 4.0 |
2019-12-12 | CVE-2019-4606 | Untrusted Search Path vulnerability in IBM DB2 High Performance Unload Load: IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. | 6.9 |
2019-12-10 | CVE-2019-4244 | Missing Authentication for Critical Function vulnerability in IBM Smartcloud Analytics LOG Analysis: IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. | 6.4 |
2019-12-10 | CVE-2019-4095 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud PAK System 2.3/2.3.0.1: IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
2019-12-09 | CVE-2019-4621 | Insecure Default Initialization of Resource vulnerability in IBM Datapower Gateway: IBM DataPower Gateway 7.6.0.0-7 through 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. | 6.8 |
2019-12-09 | CVE-2019-4612 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0: IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. | 6.5 |