Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-24 | CVE-2019-4745 | Incorrect Authorization vulnerability in IBM products IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. | 4.3 |
| 2020-02-24 | CVE-2019-4703 | Unspecified vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information. high complexity ibm | 5.3 |
| 2020-02-24 | CVE-2019-4595 | Open Redirect vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
| 2020-02-20 | CVE-2019-4583 | Information Exposure Through an Error Message vulnerability in IBM Maximo Asset Management 7.6.0.10/7.6.1.1 IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. | 4.3 |
| 2020-02-19 | CVE-2020-4230 | Unspecified vulnerability in IBM DB2 11.1/11.5 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. | 6.7 |
| 2020-02-19 | CVE-2020-4200 | Unspecified vulnerability in IBM DB2 10.5/11.1/11.5 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. | 6.5 |
| 2020-02-19 | CVE-2020-4161 | Unspecified vulnerability in IBM DB2 11.5 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. | 6.5 |
| 2020-02-19 | CVE-2019-4457 | Unspecified vulnerability in IBM Jazz Foundation IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. | 6.5 |
| 2020-02-19 | CVE-2019-4429 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. | 5.4 |
| 2020-02-18 | CVE-2012-0718 | Unspecified vulnerability in IBM Tivoli Endpoint Manager 8.0 IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies. | 5.4 |