Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-03 | CVE-2019-4130 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | 6.5 |
| 2019-11-26 | CVE-2019-4387 | SQL Injection vulnerability in IBM Sterling B2B Integrator 6.0.0.0/6.0.0.1/6.0.2.0 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 is vulnerable to SQL injection. | 6.5 |
| 2019-11-22 | CVE-2019-4570 | Information Exposure Through an Error Message vulnerability in IBM Tivoli Netcool/Impact IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error message that includes sensitive information about its environment, users, or associated data. | 5.0 |
| 2019-11-22 | CVE-2019-4216 | Injection vulnerability in IBM Smartcloud Analytics LOG Analysis IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. | 4.9 |
| 2019-11-22 | CVE-2019-4215 | Improper Input Validation vulnerability in IBM Smartcloud Analytics LOG Analysis IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
| 2019-11-22 | CVE-2019-4214 | Missing Encryption of Sensitive Data vulnerability in IBM Smartcloud Analytics LOG Analysis IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2019-11-20 | CVE-2019-4530 | Unspecified vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1/7.6.1.1 IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. | 5.5 |
| 2019-11-09 | CVE-2019-4645 | Cross-site Scripting vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. | 4.3 |
| 2019-11-09 | CVE-2019-4581 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1/7.3.2 IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. | 4.3 |
| 2019-11-09 | CVE-2019-4556 | Unspecified vulnerability in IBM Qradar Advisor With Watson IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. | 4.0 |