Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-11-08 CVE-2020-4152 Cleartext Transmission of Sensitive Information vulnerability in IBM Qradar Network Security
IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques.
network
high complexity
ibm CWE-319
5.9
5.9
2021-11-08 CVE-2020-4153 Cross-site Scripting vulnerability in IBM Qradar Network Security
IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2021-11-08 CVE-2020-4160 Unspecified vulnerability in IBM Qradar Network Security
IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm
5.9
5.9
2021-11-08 CVE-2021-29735 Cross-site Scripting vulnerability in IBM Security Guardium
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2021-11-08 CVE-2021-29843 Unspecified vulnerability in IBM MQ Appliance
IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties.
network
low complexity
ibm
6.5
6.5
2021-11-05 CVE-2021-29753 Cleartext Transmission of Sensitive Information vulnerability in IBM products
IBM Business Automation Workflow 18.
network
high complexity
ibm CWE-319
5.9
5.9
2021-11-02 CVE-2021-29738 Server-Side Request Forgery (SSRF) vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
5.4
5.4
2021-11-02 CVE-2021-29771 Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2021-10-27 CVE-2021-20526 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
5.3
5.3
2021-10-27 CVE-2021-29673 Cross-site Scripting vulnerability in IBM products
IBM Jazz Team Server products are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4