Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-25 | CVE-2019-4461 | Injection vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. | 5.4 |
| 2019-10-25 | CVE-2019-4400 | Path Traversal vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. | 4.3 |
| 2019-10-25 | CVE-2019-4396 | Injection vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. | 5.4 |
| 2019-10-24 | CVE-2019-4486 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 5.4 |
| 2019-10-24 | CVE-2019-4459 | Cross-site Scripting vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. | 5.4 |
| 2019-10-24 | CVE-2019-4397 | Information Exposure vulnerability in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. | 6.5 |
| 2019-10-14 | CVE-2019-4572 | Information Exposure Through Log Files vulnerability in IBM Filenet Content Manager 5.5.2/5.5.3 IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. | 4.4 |
| 2019-10-09 | CVE-2019-4512 | Information Exposure Through an Error Message vulnerability in IBM products IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. | 4.3 |
| 2019-10-04 | CVE-2019-4564 | Cross-site Scripting vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. | 6.1 |
| 2019-10-04 | CVE-2019-4514 | Information Exposure vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. | 5.3 |