IBM Security Access Manager for Web stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
IBM Sterling Order Management transmits the session identifier within the URL. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.
IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.
IBM Security Access Manager for Web is vulnerable to SQL injection. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.
IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity.