Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-02 | CVE-2021-29670 | Cross-site Scripting vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. | 5.4 |
| 2021-06-01 | CVE-2019-4471 | Missing Encryption of Sensitive Data vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. | 6.5 |
| 2021-06-01 | CVE-2019-4653 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. | 5.4 |
| 2021-06-01 | CVE-2019-4722 | Improper Handling of Exceptional Conditions vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. | 4.3 |
| 2021-06-01 | CVE-2020-4354 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. | 5.4 |
| 2021-06-01 | CVE-2021-20585 | Information Exposure vulnerability in IBM Security Verify Access 20.07 IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. | 5.3 |
| 2021-05-26 | CVE-2021-20486 | Unspecified vulnerability in IBM Cloud PAK for Data 3.0 IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. | 6.5 |
| 2021-05-25 | CVE-2020-4839 | Out-of-bounds Write vulnerability in IBM products IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. | 4.9 |
| 2021-05-25 | CVE-2021-29695 | Path Traversal vulnerability in IBM products IBM Host firmware for LC-class Systems could allow a remote attacker to traverse directories on the system. | 6.5 |
| 2021-05-25 | CVE-2021-29708 | Unspecified vulnerability in IBM Spectrum Scale 5.1.0.1 IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. | 6.7 |