Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-29 | CVE-2019-4311 | Incorrect Authorization vulnerability in IBM Security Guardium Big Data Intelligence 4.0: IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. | 5.3 |
2019-10-29 | CVE-2019-4309 | Use of Hard-coded Credentials vulnerability in IBM Security Guardium Big Data Intelligence 4.0: IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard-coded credentials, which could allow a local user to obtain highly sensitive information. | 5.5 |
2019-10-29 | CVE-2019-4307 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium Big Data Intelligence 4.0: IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in clear text, which can be read by a local user. | 5.5 |
2019-10-29 | CVE-2019-4306 | Exposure of Resource to Wrong Sphere vulnerability in IBM Security Guardium Big Data Intelligence 4.0: IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. | 6.5 |
2019-10-25 | CVE-2019-4400 | Path Traversal vulnerability in IBM Cloud Orchestrator: IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. | 4.0 |
2019-10-25 | CVE-2019-4399 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud Orchestrator: IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
2019-10-25 | CVE-2019-4036 | Improper Input Validation vulnerability in IBM Security Access Manager: IBM Security Access Manager Appliance could allow an unauthenticated attacker to cause a denial of service in the reverse proxy component. | 5.0 |
2019-10-24 | CVE-2019-4397 | Information Exposure vulnerability in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. | 4.0 |
2019-10-09 | CVE-2019-4512 | Information Exposure Through an Error Message vulnerability in IBM products: IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. | 4.0 |
2019-10-04 | CVE-2019-4564 | Cross-site Scripting vulnerability in IBM Security Key Lifecycle Manager: IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. | 6.1 |