Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-23 | CVE-2020-4953 | Information Exposure vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. | 4.0 |
| 2021-02-18 | CVE-2021-20445 | Insufficiently Protected Credentials vulnerability in IBM Maximo for Civil Infrastructure 7.6.2 IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. | 4.0 |
| 2021-02-18 | CVE-2021-20444 | Cross-site Scripting vulnerability in IBM Maximo for Civil Infrastructure 7.6.2 IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. | 4.3 |
| 2021-02-18 | CVE-2021-20443 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM Maximo for Civil Infrastructure 7.6.2 IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. | 6.5 |
| 2021-02-15 | CVE-2020-4955 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Operations Center IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. | 5.2 |
| 2021-02-15 | CVE-2020-4954 | Session Fixation vulnerability in IBM Spectrum Protect Operations Center IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . | 4.8 |
| 2021-02-12 | CVE-2021-20412 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 5.0 |
| 2021-02-12 | CVE-2021-20411 | Incorrect Resource Transfer Between Spheres vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. | 4.8 |
| 2021-02-12 | CVE-2021-20406 | Inadequate Encryption Strength vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 4.9 |
| 2021-02-11 | CVE-2021-20405 | Improper Encoding or Escaping of Output vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. | 5.0 |