Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-30 | CVE-2019-4423 | Path Traversal vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. | 5.3 |
| 2019-09-30 | CVE-2019-4305 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. | 5.3 |
| 2019-09-30 | CVE-2019-4304 | Session Fixation vulnerability in IBM Websphere Application Server IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. | 6.3 |
| 2019-09-30 | CVE-2019-4280 | Cleartext Transmission of Sensitive Information vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. | 5.3 |
| 2019-09-30 | CVE-2019-4115 | Cross-site Scripting vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. | 5.4 |
| 2019-09-30 | CVE-2019-4109 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
| 2019-09-30 | CVE-2019-4106 | Cross-site Scripting vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. | 4.8 |
| 2019-09-27 | CVE-2019-4141 | Memory Leak vulnerability in IBM Websphere MQ and Websphere MQ Appliance IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. | 6.5 |
| 2019-09-26 | CVE-2019-4378 | Unspecified vulnerability in IBM MQ IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. | 6.5 |
| 2019-09-26 | CVE-2019-4262 | Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). | 5.3 |