Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-12 | CVE-2020-4964 | Unspecified vulnerability in IBM products: IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. | 4.0 |
2021-04-12 | CVE-2020-4920 | Cross-site Scripting vulnerability in IBM products: IBM Jazz Team Server products are vulnerable to stored cross-site scripting. | 4.3 |
2021-04-08 | CVE-2021-20480 | Server-Side Request Forgery (SSRF) vulnerability in IBM Websphere Application Server: IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). | 4.0 |
2021-03-30 | CVE-2021-20502 | XXE vulnerability in IBM products: IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
2021-03-30 | CVE-2021-20482 | XXE vulnerability in IBM Cloud PAK for Automation 20.0.2/20.0.3: IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
2021-03-30 | CVE-2020-4848 | Unspecified vulnerability in IBM Urbancode Deploy 6.2.7.9/7.0.5.4/7.1.1.1: IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. | 5.5 |
2021-03-24 | CVE-2020-5015 | Unspecified vulnerability in IBM Elastic Storage Server and Elastic Storage System: IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Storage Server 5.3.0 through 5.3.6.2 could allow a remote attacker to cause a denial of service by sending malformed UDP requests. | 5.0 |
2021-03-22 | CVE-2020-4882 | Server-Side Request Forgery (SSRF) vulnerability in IBM Planning Analytics 2.0: IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. | 5.8 |
2021-03-19 | CVE-2020-4635 | Unspecified vulnerability in IBM Soar 40.0: IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames. | 5.0 |
2021-03-15 | CVE-2021-20440 | Unspecified vulnerability in IBM API Connect: IBM API Connect 10.0.0.0 and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recipient. | 4.0 |