Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-20 | CVE-2019-4736 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager for Multiplatform 3.0.0.0 IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2019-12-20 | CVE-2019-4555 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. | 5.4 |
| 2019-12-20 | CVE-2019-4231 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2019-12-16 | CVE-2019-4560 | Unspecified vulnerability in IBM MQ Appliance IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. | 6.5 |
| 2019-12-16 | CVE-2019-4444 | Information Exposure vulnerability in IBM API Connect IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. | 5.5 |
| 2019-12-13 | CVE-2019-4426 | Cross-site Scripting vulnerability in IBM Business Automation Workflow and Case Manager The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. | 5.4 |
| 2019-12-11 | CVE-2019-4665 | Cross-site Scripting vulnerability in IBM Spectrum Scale IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. | 5.4 |
| 2019-12-10 | CVE-2019-4663 | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. | 5.4 |
| 2019-12-10 | CVE-2019-4095 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2019-12-09 | CVE-2019-4611 | Cross-site Scripting vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. | 5.4 |