Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-03-23 | CVE-2019-4718 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.0 | IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. | 5.4 |
2020-03-19 | CVE-2020-4205 | Improper Authentication vulnerability in IBM Datapower Gateway | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revoked. | 6.3 |
2020-03-19 | CVE-2020-4203 | Unspecified vulnerability in IBM Datapower Gateway | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. | 4.9 |
2020-03-18 | CVE-2020-4199 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Netcool/Omnibus 8.1.0 | IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
2020-03-16 | CVE-2019-4719 | Unspecified vulnerability in IBM MQ and MQ Appliance | IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. | 5.5 |
2020-03-16 | CVE-2019-4656 | Unspecified vulnerability in IBM MQ, MQ Appliance and Websphere MQ | IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. | 6.5 |
2020-03-16 | CVE-2019-4619 | Information Exposure Through an Error Message vulnerability in IBM MQ and MQ Appliance | IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. | 5.5 |
2020-03-16 | CVE-2019-4617 | Session Fixation vulnerability in IBM Cloud Automation Manager 3.2.1.0 | IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. | 4.4 |
2020-03-10 | CVE-2020-4162 | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.5/11.7 | IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. | 5.4 |
2020-03-10 | CVE-2019-4608 | Cross-site Scripting vulnerability in IBM Tivoli Workload Scheduler 9.3 | IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting. | 5.4 |