Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-19 | CVE-2021-20529 | Unspecified vulnerability in IBM Control Center 6.2.0.0 IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. | 5.3 |
| 2021-05-14 | CVE-2021-20392 | Cross-site Scripting vulnerability in IBM Qradar User Behavior Analytics 1.0.0 IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. | 6.1 |
| 2021-05-14 | CVE-2021-20429 | Incorrect Authorization vulnerability in IBM Qradar User Behavior Analytics 1.0.0/4.1.0 IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. | 5.3 |
| 2021-05-14 | CVE-2021-20564 | Cleartext Transmission of Sensitive Information vulnerability in IBM Cloud PAK for Security IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2021-05-14 | CVE-2021-20565 | Unspecified vulnerability in IBM Cloud PAK for Security IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. | 5.3 |
| 2021-05-13 | CVE-2021-20535 | Server-Side Request Forgery (SSRF) vulnerability in IBM Jazz Reporting Service IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). | 5.4 |
| 2021-05-11 | CVE-2020-4535 | Cross-site Scripting vulnerability in IBM Openpages GRC Platform IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. | 5.4 |
| 2021-05-11 | CVE-2020-4536 | Information Exposure Through an Error Message vulnerability in IBM Openpages GRC Platform IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2021-05-10 | CVE-2021-20559 | Cross-site Scripting vulnerability in IBM Control Desk 7.6.1.2/7.6.1.3 IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. | 5.4 |
| 2021-05-10 | CVE-2021-20577 | Cross-site Scripting vulnerability in IBM Cloud PAK for Security 1.5.0.0/1.5.0.1 IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. | 6.1 |