Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-27 | CVE-2021-20448 | Cross-site Scripting vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. | 5.4 |
| 2021-04-27 | CVE-2021-20550 | Cross-site Scripting vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. | 5.4 |
| 2021-04-26 | CVE-2021-20536 | Information Exposure Through Log Files vulnerability in IBM Spectrum Protect Plus 10.1.6/10.1.7 IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. | 6.2 |
| 2021-04-26 | CVE-2021-20432 | Unspecified vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. | 6.5 |
| 2021-04-26 | CVE-2021-20546 | Out-of-bounds Write vulnerability in IBM products IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 5.5 |
| 2021-04-26 | CVE-2020-4562 | Unspecified vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames. | 5.3 |
| 2021-04-16 | CVE-2021-20491 | Out-of-bounds Write vulnerability in IBM Spectrum Protect IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. | 4.4 |
| 2021-04-12 | CVE-2021-20519 | Cross-site Scripting vulnerability in IBM products IBM Jazz Team Server products are vulnerable to cross-site scripting. | 5.4 |
| 2021-04-12 | CVE-2020-4964 | Unspecified vulnerability in IBM products IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. | 4.3 |
| 2021-04-12 | CVE-2020-4920 | Cross-site Scripting vulnerability in IBM products IBM Jazz Team Server products are vulnerable to stored cross-site scripting. | 5.4 |