Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-16 | CVE-2020-4260 | Unspecified vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. | 4.3 |
| 2020-04-15 | CVE-2020-4294 | Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). | 6.3 |
| 2020-04-15 | CVE-2020-4274 | Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. | 5.4 |
| 2020-04-15 | CVE-2020-4271 | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. | 6.3 |
| 2020-04-15 | CVE-2020-4268 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. | 5.4 |
| 2020-04-15 | CVE-2019-4654 | Improper Certificate Validation vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | 4.8 |
| 2020-04-15 | CVE-2019-4594 | Cleartext Transmission of Sensitive Information vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2020-04-15 | CVE-2019-4593 | Information Exposure Through an Error Message vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that includes sensitive information that could be used in further attacks against the system. | 4.3 |
| 2020-04-14 | CVE-2020-4151 | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1/7.3.2 IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attacker to perform unauthorized actions due to improper input validation. | 6.5 |
| 2020-04-08 | CVE-2020-4291 | Session Fixation vulnerability in IBM Security Information Queue IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. | 4.3 |