Vulnerabilities > IBM > Security Information Queue > 1.0.5

DATE CVE VULNERABILITY TITLE RISK
2020-04-08 CVE-2020-4291 Session Fixation vulnerability in IBM Security Information Queue
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI.
network
low complexity
ibm CWE-384
4.3
4.3
2020-04-08 CVE-2020-4290 Authentication Bypass by Spoofing vulnerability in IBM Security Information Queue
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any authenticated user to spoof the configuration owner of any other user which disclose sensitive information or allow for unauthorized access.
network
low complexity
ibm CWE-290
5.4
5.4
2020-04-08 CVE-2020-4289 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Information Queue
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
5.3
5.3
2020-04-08 CVE-2020-4284 Insufficient Session Expiration vulnerability in IBM Security Information Queue
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI.
network
low complexity
ibm CWE-613
5.3
5.3
2020-04-08 CVE-2020-4282 Improper Encoding or Escaping of Output vulnerability in IBM Security Information Queue
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an authenticated user to perform unauthorized actions by bypassing illegal character restrictions.
network
low complexity
ibm CWE-116
4.3
4.3
2020-04-08 CVE-2020-4164 Information Exposure Through an Error Message vulnerability in IBM Security Information Queue
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system.
network
low complexity
ibm CWE-209
2.7
2.7