Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-17 | CVE-2020-4670 | Improper Authentication vulnerability in IBM Planning Analytics Cloud and Planning Analytics Local IBM Planning Analytics Local 2.0 connects to a Redis server. | 6.4 |
| 2021-05-17 | CVE-2021-29747 | Unspecified vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. | 5.0 |
| 2021-05-14 | CVE-2020-4811 | Improper Input Validation vulnerability in IBM Cloud PAK for Security IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation. | 4.0 |
| 2021-05-14 | CVE-2020-4985 | Information Exposure vulnerability in IBM Planning Analytics Local 2.0.0 IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. | 5.0 |
| 2021-05-14 | CVE-2021-20392 | Cross-site Scripting vulnerability in IBM Qradar User Behavior Analytics 1.0.0 IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. | 4.3 |
| 2021-05-14 | CVE-2021-20393 | Information Exposure Through an Error Message vulnerability in IBM Qradar User Behavior Analytics 1.0.0/4.1.0 IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.0 |
| 2021-05-14 | CVE-2021-20429 | Incorrect Authorization vulnerability in IBM Qradar User Behavior Analytics 1.0.0/4.1.0 IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. | 5.0 |
| 2021-05-14 | CVE-2021-20564 | Information Exposure vulnerability in IBM Cloud PAK for Security IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
| 2021-05-14 | CVE-2021-20565 | Improper Input Validation vulnerability in IBM Cloud PAK for Security IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. | 5.0 |
| 2021-05-13 | CVE-2021-20535 | Server-Side Request Forgery (SSRF) vulnerability in IBM Jazz Reporting Service IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). | 5.5 |