IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to view process definition of a business process without permission. IBM X-Force ID: 159231.
ibm
CVE-2019-4227
IBM MQ 8.0.0.4 – 8.0.0.12, 9.0.0.0 – 9.0.0.6, 9.1.0.0 – 9.1.0.2, and 9.1.0 – 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.
CVE-2019-4236
A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418.
CVE-2019-4239
IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465.
CVE-2019-4258
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159946.
CVE-2019-4140
IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336.