Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-05 | CVE-2019-4149 | Cross-site Scripting vulnerability in IBM products IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. | 5.4 |
| 2019-08-29 | CVE-2019-4536 | Improper Privilege Management vulnerability in IBM I 7.4 IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. | 6.3 |
| 2019-08-29 | CVE-2019-4133 | Unspecified vulnerability in IBM Cloud Automation Manager 3.1.2 IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. | 5.2 |
| 2019-08-20 | CVE-2019-4482 | Cross-site Scripting vulnerability in IBM Emptoris Spend Analysis IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. | 5.4 |
| 2019-08-20 | CVE-2019-4437 | Information Exposure vulnerability in IBM API Connect IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. | 5.3 |
| 2019-08-20 | CVE-2019-4167 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Storediq IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2019-08-20 | CVE-2019-4120 | Cross-site Scripting vulnerability in IBM Cloud Private IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. | 5.4 |
| 2019-08-20 | CVE-2019-4485 | Information Exposure Through an Error Message vulnerability in IBM products IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. | 4.3 |
| 2019-08-20 | CVE-2019-4484 | Information Exposure Through an Error Message vulnerability in IBM products IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. | 4.3 |
| 2019-08-20 | CVE-2019-4425 | Unspecified vulnerability in IBM products IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. | 5.7 |