Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-27 | CVE-2020-4628 | Information Exposure Through an Error Message vulnerability in IBM Cloud Pak for Security 1.3.0.1/1.4.0.0<br>IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.0 |
2021-01-26 | CVE-2020-4949 | XXE vulnerability in IBM WebSphere Application Server<br>IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
2021-01-22 | CVE-2020-4766 | Resource Exhaustion vulnerability in IBM MQ Internet Pass-Thru 2.1/9.2<br>IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. | 5.0 |
2021-01-21 | CVE-2020-4969 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Identity Governance and Intelligence 5.2.6<br>IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
2021-01-21 | CVE-2020-4966 | Link Following vulnerability in IBM Security Identity Governance and Intelligence 5.2.6<br>IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2021-01-20 | CVE-2020-4983 | Command Injection vulnerability in IBM Spectrum LSF and Spectrum LSF Suite<br>IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. | 4.6 |
2021-01-20 | CVE-2020-4921 | SQL Injection vulnerability in IBM Security Guardium 10.6/11.2<br>IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. | 6.5 |
2021-01-19 | CVE-2020-4881 | Origin Validation Error vulnerability in IBM Planning Analytics 2.0<br>IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. | 5.0 |
2021-01-19 | CVE-2020-4873 | Information Exposure vulnerability in IBM Planning Analytics 2.0<br>IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. | 5.0 |
2021-01-13 | CVE-2020-4600 | Information Exposure Through an Error Message vulnerability in IBM Security Guardium Insights 2.0.2<br>IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.0 |