Filtered by vendor Ibm
Subscribe
Total
7127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4157 | 1 Ibm | 1 Qradar Network Security | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174337. | |||||
CVE-2022-22334 | 1 Ibm | 1 Robotic Process Automation | 2024-02-28 | N/A | 4.3 MEDIUM |
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391. | |||||
CVE-2022-31774 | 1 Ibm | 1 Datapower Gateway | 2024-02-28 | N/A | 5.4 MEDIUM |
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228358. | |||||
CVE-2022-35285 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-02-28 | N/A | 8.8 HIGH |
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812. | |||||
CVE-2022-22505 | 1 Ibm | 1 Robotic Process Automation | 2024-02-28 | N/A | 7.5 HIGH |
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288. | |||||
CVE-2021-39015 | 3 Ibm, Linux, Microsoft | 3 Engineering Lifecycle Optimization Publishing, Linux Kernel, Windows | 2024-02-28 | N/A | 5.4 MEDIUM |
IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655. | |||||
CVE-2022-35643 | 1 Ibm | 1 Powervm Virtual I\/o Server | 2024-02-28 | N/A | 9.1 CRITICAL |
IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956. | |||||
CVE-2022-22477 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-02-28 | N/A | 6.1 MEDIUM |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605. | |||||
CVE-2022-22450 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-02-28 | N/A | 3.8 LOW |
IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916. | |||||
CVE-2022-22476 | 1 Ibm | 2 Open Liberty, Websphere Application Server | 2024-02-28 | 6.0 MEDIUM | 8.8 HIGH |
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604. | |||||
CVE-2021-29823 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | N/A | 6.5 MEDIUM |
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465. | |||||
CVE-2022-22473 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-02-28 | N/A | 5.3 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347. | |||||
CVE-2020-4159 | 1 Ibm | 1 Qradar Network Security | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system. IBM X-Force ID: 174339. | |||||
CVE-2022-34166 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430. | |||||
CVE-2022-22483 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-02-28 | N/A | 6.5 MEDIUM |
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979. | |||||
CVE-2022-34329 | 1 Ibm | 1 Cics Tx | 2024-02-28 | N/A | 5.3 MEDIUM |
IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467. | |||||
CVE-2022-34313 | 1 Ibm | 1 Cics Tx | 2024-02-28 | N/A | 3.1 LOW |
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449. | |||||
CVE-2022-33169 | 1 Ibm | 1 Robotic Process Automation | 2024-02-28 | N/A | 6.5 MEDIUM |
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888. | |||||
CVE-2022-35722 | 1 Ibm | 1 Jazz For Service Management | 2024-02-28 | N/A | 5.4 MEDIUM |
IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381. | |||||
CVE-2021-39018 | 3 Ibm, Linux, Microsoft | 3 Engineering Lifecycle Optimization Publishing, Linux Kernel, Windows | 2024-02-28 | N/A | 4.3 MEDIUM |
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726. |