Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-16 | CVE-2019-4291 | Inadequate Encryption Strength vulnerability in IBM Maximo Anywhere 7.6.4.0 IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. | 6.5 |
| 2022-02-16 | CVE-2019-4351 | Unspecified vulnerability in IBM Maximo Anywhere 7.6.4.0 IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive information to a user with physical access to the device. low complexity ibm | 4.6 |
| 2022-02-14 | CVE-2021-39079 | Cross-site Scripting vulnerability in IBM Cognos Analytics Mobile IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. | 5.4 |
| 2022-02-14 | CVE-2021-39080 | Unspecified vulnerability in IBM Cognos Analytics Mobile Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. | 6.5 |
| 2022-02-02 | CVE-2021-39021 | Information Exposure Through Discrepancy vulnerability in IBM Guardium Data Encryption 5.0.0.2 IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. | 5.3 |
| 2022-01-26 | CVE-2021-29838 | Information Exposure vulnerability in IBM Security Guardium Insights 3.0.0 IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2022-01-20 | CVE-2021-29785 | Unspecified vulnerability in IBM Soar IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2022-01-19 | CVE-2022-22310 | Unspecified vulnerability in IBM Websphere Application Server 21.0.0.10/21.0.0.12 IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. | 6.5 |
| 2022-01-18 | CVE-2021-29872 | Improper Encoding or Escaping of Output vulnerability in IBM Cloud PAK for Automation IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 5.4 |
| 2022-01-14 | CVE-2021-39032 | Information Exposure Through Log Files vulnerability in IBM Sterling Gentran 5.3 IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. | 5.5 |