Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-04 | CVE-2020-4827 | Cross-Site Request Forgery (CSRF) vulnerability in IBM API Connect IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2021-02-04 | CVE-2020-4826 | Cross-Site Request Forgery (CSRF) vulnerability in IBM API Connect IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2021-02-02 | CVE-2020-4934 | Path Traversal vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. | 4.0 |
| 2021-01-27 | CVE-2020-4789 | Path Traversal vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. | 4.0 |
| 2021-01-27 | CVE-2020-4786 | Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). | 4.0 |
| 2021-01-27 | CVE-2020-4189 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. | 4.0 |
| 2021-01-27 | CVE-2020-4967 | Information Exposure vulnerability in IBM Cloud PAK for Security 1.3.0.1 IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. | 4.0 |
| 2021-01-27 | CVE-2020-4820 | Cross-site Scripting vulnerability in IBM Cloud PAK for Security 1.4.0.0 IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. | 4.3 |
| 2021-01-27 | CVE-2020-4816 | Information Exposure vulnerability in IBM Cloud PAK for Security 1.4.0.0 IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
| 2021-01-27 | CVE-2020-4815 | Information Exposure vulnerability in IBM Cloud PAK for Security 1.4.0.0 IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system. | 5.0 |