Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-05-17 | CVE-2019-4119 | Unspecified vulnerability in IBM Cloud Private: IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. | 5.0 |
2019-05-13 | CVE-2019-4259 | Unspecified vulnerability in IBM Spectrum Scale: A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. | 5.5 |
2019-05-10 | CVE-2018-1990 | Information Exposure vulnerability in IBM Cloud APP Management 2018.2.0/2018.4.0/2018.4.1: IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could allow an attacker to obtain sensitive configuration information using a specially crafted HTTP request. | 5.0 |
2019-05-10 | CVE-2018-1790 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager 3.0.2.0/3.0.2.1: IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
2019-05-09 | CVE-2019-4072 | Insufficient Session Expiration vulnerability in IBM products: IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. | 6.3 |
2019-05-07 | CVE-2018-2008 | Information Exposure vulnerability in IBM Tririga Application Platform 3.5.3.0/3.6.0.0: IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. | 4.0 |
2019-05-07 | CVE-2018-2001 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Curam Social Program Management: IBM Cúram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
2019-05-02 | CVE-2018-2015 | Improper Input Validation vulnerability in IBM API Connect: IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
2019-05-01 | CVE-2019-4258 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator 6.0.0.0/6.0.0.1: IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vulnerable to cross-site scripting. | 5.4 |
2019-05-01 | CVE-2018-1608 | Inadequate Encryption Strength vulnerability in IBM Rational Engineering Lifecycle Manager: IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |