Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-06-19 CVE-2020-4281 Cross-site Scripting vulnerability in IBM Doors Next and Rational Doors Next Generation
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2020-06-17 CVE-2020-4532 Information Exposure Through an Error Message vulnerability in IBM products
IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
2020-06-16 CVE-2020-4320 Improper Certificate Validation vulnerability in IBM MQ
IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting.
network
low complexity
ibm CWE-295
6.5
2020-06-15 CVE-2020-4477 Information Exposure Through Log Files vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system.
network
low complexity
ibm CWE-532
6.5
2020-06-15 CVE-2020-4471 Missing Authentication for Critical Function vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by sending a specially crafted HTTP command to the remote server.
network
low complexity
ibm CWE-306
6.5
2020-06-15 CVE-2020-4406 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM products
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-1021
5.4
2020-06-12 CVE-2020-4251 Cross-site Scripting vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2020-06-11 CVE-2020-4380 Cross-site Scripting vulnerability in IBM Workload Scheduler 9.3.0.4
IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2020-06-04 CVE-2020-4191 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium 11.1
IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
local
low complexity
ibm CWE-327
4.4
2020-06-04 CVE-2020-4183 Cross-site Scripting vulnerability in IBM Security Guardium 11.1
IBM Security Guardium 11.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1