Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-06-06 CVE-2019-4056 Unrestricted Upload of File with Dangerous Type vulnerability in IBM products
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files.
network
low complexity
ibm CWE-434
4.3
2019-06-06 CVE-2018-2028 Cleartext Storage of Sensitive Information vulnerability in IBM products
IBM Maximo Asset Management 7.6 could allow an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information.
network
low complexity
ibm CWE-312
6.5
2019-05-29 CVE-2019-4264 Improper Certificate Validation vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man-in-the-middle techniques due to not validating or incorrectly validating a certificate.
network
high complexity
ibm CWE-295
5.9
2019-05-29 CVE-2019-4138 Insufficiently Protected Credentials vulnerability in IBM Spectrum Control
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
ibm CWE-522
4.3
2019-05-29 CVE-2019-4137 Cross-site Scripting vulnerability in IBM Spectrum Control
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2019-05-23 CVE-2019-4039 Unspecified vulnerability in IBM Websphere MQ
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system.
local
low complexity
ibm
5.5
2019-05-22 CVE-2018-1991 Information Exposure vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 and 5.0.8.6 could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers.
network
low complexity
ibm CWE-200
4.0
2019-05-20 CVE-2019-4293 Unspecified vulnerability in IBM Storwize Unified V7000 Software
IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attacker to reveal the server version in default installation, which could be used in further attacks against the system.
network
low complexity
ibm
5.3
2019-05-20 CVE-2019-4058 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Bigfix Platform
IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators.
network
low complexity
ibm CWE-1021
6.5
2019-05-20 CVE-2019-4011 Cross-site Scripting vulnerability in IBM Bigfix Platform
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4