Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-14 | CVE-2019-4403 | Cross-site Scripting vulnerability in IBM Connections 6.0 IBM Connections 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2019-06-14 | CVE-2019-4381 | Credentials Management vulnerability in IBM I 7.2/7.3 IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. | 5.5 |
| 2019-06-14 | CVE-2019-4239 | Insufficiently Protected Credentials vulnerability in IBM Cloud Private IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. | 5.5 |
| 2019-06-07 | CVE-2019-4070 | Cross-site Scripting vulnerability in IBM products IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. | 5.4 |
| 2019-06-07 | CVE-2019-4066 | Unspecified vulnerability in IBM products IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. | 6.5 |
| 2019-06-06 | CVE-2019-4257 | Information Exposure Through an Error Message vulnerability in IBM products IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. | 4.3 |
| 2019-06-06 | CVE-2019-4219 | Information Exposure Through an Error Message vulnerability in IBM Security Information Queue 1.0.0/1.0.1/1.0.2 IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generates an error message that includes sensitive information that could be used in further attacks against the system. | 5.3 |
| 2019-06-06 | CVE-2019-4217 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Information Queue 1.0.0/1.0.1/1.0.2 IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
| 2019-06-06 | CVE-2019-4220 | Use of Hard-coded Credentials vulnerability in IBM products IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. | 5.5 |
| 2019-06-06 | CVE-2019-4201 | Open Redirect vulnerability in IBM Jazz for Service Management IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |