Filtered by vendor Ibm
Subscribe
Total
7127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20464 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813. | |||||
| CVE-2022-22502 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227124. | |||||
| CVE-2019-4291 | 1 Ibm | 1 Maximo Anywhere | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. IBM X-Force ID: 160697. | |||||
| CVE-2022-31769 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219. | |||||
| CVE-2022-22320 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218367. | |||||
| CVE-2022-22354 | 2 Ibm, Linux | 3 Spectrum Copy Data Management, Spectrum Protect Plus, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485. | |||||
| CVE-2021-38886 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399. | |||||
| CVE-2022-22478 | 6 Apple, Hp, Ibm and 3 more | 7 Macos, Hp-ux, Aix and 4 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886. | |||||
| CVE-2022-22351 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 7.8 HIGH | 8.6 HIGH |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396 | |||||
| CVE-2022-22309 | 1 Ibm | 2 Power System S922, Power System S922 Firmware | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
| The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095. | |||||
| CVE-2022-22346 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048. | |||||
| CVE-2021-38955 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825. | |||||
| CVE-2021-20421 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2021-39038 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968. | |||||
| CVE-2022-22345 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
| IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041. | |||||
| CVE-2022-22481 | 1 Ibm | 1 I | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign on request, an attacker can gain visibility to the fully qualified domain name of the target system and the navigator tasks page, however they do not gain the ability to perform those tasks on the system or see any specific system data. IBM X-Force ID: 225899. | |||||
| CVE-2021-39025 | 1 Ibm | 1 Guardium Data Encryption | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863. | |||||
| CVE-2021-38941 | 2 Ibm, Linux | 2 Cloud Pak For Multicloud Management Monitoring, Linux Kernel | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
| IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048. | |||||
| CVE-2022-22319 | 2 Ibm, Microsoft | 3 Robotic Process Automation, Robotic Process Automation As A Service, Windows | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366. | |||||
| CVE-2022-22391 | 1 Ibm | 2 Aspera High-speed Transfer Endpoint, Aspera High-speed Transfer Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. IBM X-Force ID: 222059. | |||||