Vulnerabilities > IBM > Spectrum Control > 5.2.17.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-29 | CVE-2019-4138 | Insufficiently Protected Credentials vulnerability in IBM Spectrum Control IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2019-05-29 | CVE-2019-4137 | Cross-site Scripting vulnerability in IBM Spectrum Control IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. | 6.1 |
| 2019-05-09 | CVE-2019-4072 | Insufficient Session Expiration vulnerability in IBM products IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. | 6.3 |
| 2019-05-09 | CVE-2019-4071 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM products IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. | 8.8 |