Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-06-25 | CVE-2019-4153 | Open Redirect vulnerability in IBM Security Access Manager | IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.8 |
2019-06-25 | CVE-2019-4152 | Session Fixation vulnerability in IBM Security Access Manager | IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. | 4.4 |
2019-06-25 | CVE-2019-4151 | Inadequate Encryption Strength vulnerability in IBM Security Access Manager | IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.9 |
2019-06-25 | CVE-2018-2013 | Information Exposure vulnerability in IBM API Connect | IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. | 5.3 |
2019-06-25 | CVE-2018-2011 | Information Exposure vulnerability in IBM API Connect | IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. | 5.3 |
2019-06-19 | CVE-2019-4385 | Insufficiently Protected Credentials vulnerability in IBM Spectrum Protect Plus | IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. | 6.5 |
2019-06-19 | CVE-2019-4384 | Path Traversal vulnerability in IBM Campaign 10.1/9.1.2 | IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. | 4.3 |
2019-06-19 | CVE-2019-4303 | Cross-site Scripting vulnerability in IBM products | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 5.4 |
2019-06-19 | CVE-2017-1107 | Information Exposure vulnerability in IBM Marketing Platform | IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. | 4.3 |
2019-06-17 | CVE-2019-4176 | Unspecified vulnerability in IBM Cognos Controller | IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. | 5.3 |