Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-20 | CVE-2021-29682 | Information Exposure Through an Error Message vulnerability in IBM Security Identity Manager 7.0.2 IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.0 |
| 2021-05-20 | CVE-2021-29683 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Identity Manager 7.0.2 IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. | 4.0 |
| 2021-05-20 | CVE-2021-29686 | Unspecified vulnerability in IBM Security Identity Manager 7.0.2 IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. | 6.5 |
| 2021-05-20 | CVE-2021-29687 | Information Exposure Through Discrepancy vulnerability in IBM Security Identity Manager 6.0.2 IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. | 5.0 |
| 2021-05-20 | CVE-2021-29688 | Information Exposure Through an Error Message vulnerability in IBM Security Identity Manager 6.0.2/7.0.2 IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.0 |
| 2021-05-20 | CVE-2021-29691 | Use of Hard-coded Credentials vulnerability in IBM Security Identity Manager 7.0.2 IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 5.0 |
| 2021-05-20 | CVE-2021-29692 | Unspecified vulnerability in IBM Security Identity Manager 7.0.2 IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. network ibm | 4.3 |
| 2021-05-19 | CVE-2020-4646 | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, 6.0.0.0 through 6.0.3.3, and 6.1.0.0 through 6.1.0.2 could allow an authenticated user to view pages they shoiuld not have access to due to improper authorization control. | 4.0 |
| 2021-05-19 | CVE-2021-20529 | Information Exposure vulnerability in IBM Control Center 6.2.0.0 IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. | 5.0 |
| 2021-05-17 | CVE-2020-4669 | Missing Authorization vulnerability in IBM Planning Analytics Cloud and Planning Analytics Local IBM Planning Analytics Local 2.0 connects to a MongoDB server. | 6.4 |