Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-07 | CVE-2020-4896 | HTTP Request Smuggling vulnerability in IBM Emptoris Sourcing 10.1.0.0 IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. | 6.4 |
| 2021-01-07 | CVE-2020-4893 | Cleartext Transmission of Sensitive Information vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. | 4.3 |
| 2021-01-06 | CVE-2020-4336 | Information Exposure vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. | 5.0 |
| 2021-01-05 | CVE-2020-4899 | Cleartext Transmission of Sensitive Information vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. | 6.4 |
| 2021-01-05 | CVE-2020-4762 | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access controls. | 6.5 |
| 2021-01-05 | CVE-2020-4761 | Information Exposure Through an Error Message vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.0 |
| 2021-01-04 | CVE-2020-4942 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Curam Social Program Management 7.0.11.0/7.0.9.0 IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
| 2021-01-04 | CVE-2020-4928 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. | 4.6 |
| 2021-01-04 | CVE-2020-4919 | Improper Privilege Management vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. | 5.5 |
| 2021-01-04 | CVE-2020-4917 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |