Filtered by vendor Ibm
Total: 7127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-29774 | 1 Ibm | 6 Engineering Lifecycle Optimization, Engineering Workflow Management, Rational Collaborative Lifecycle Management and 3 more | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025. | |||||
CVE-2020-4160 | 1 Ibm | 1 Qradar Network Security | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174340. | |||||
CVE-2020-4654 | 1 Ibm | 1 Sterling File Gateway | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090. | |||||
CVE-2021-38923 | 1 Ibm | 2 Powervm Hypervisor, Powervm Hypervisor Firmware | 2024-02-28 | 6.5 MEDIUM | 9.1 CRITICAL |
IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. IBM X-Force ID: 210162. | |||||
CVE-2022-22310 | 6 Apple, Hp, Ibm and 3 more | 9 Macos, Hp-ux, Aix and 6 more | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224. | |||||
CVE-2021-29761 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265. | |||||
CVE-2021-29679 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. IBM X-Force ID: 199915. | |||||
CVE-2021-29814 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204334. | |||||
CVE-2021-29764 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 202268. | |||||
CVE-2021-20435 | 1 Ibm | 1 Security Verify Bridge | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355. | |||||
CVE-2021-29878 | 1 Ibm | 1 Business Automation Workflow | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 206581. | |||||
CVE-2020-4805 | 1 Ibm | 1 Edge Application Manager | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539. | |||||
CVE-2020-4809 | 1 Ibm | 1 Edge Application Manager | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633. | |||||
CVE-2021-38890 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Sterling Connect\, Linux Kernel and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507. | |||||
CVE-2021-38956 | 1 Ibm | 1 Security Verify Access | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038. | |||||
CVE-2020-4941 | 1 Ibm | 1 Edge Application Manager | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941. | |||||
CVE-2021-20493 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794. | |||||
CVE-2021-29817 | 1 Ibm | 1 Tivoli Netcool/omnibus Webgui | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204343. | |||||
CVE-2021-38960 | 1 Ibm | 6 Power Hardware Management Console (7063-cr2), Power Hardware Management Console (7063-cr2) Firmware, Power System Ac922 (8335-gth) and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. | |||||
CVE-2021-29906 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2024-02-28 | 1.9 LOW | 5.5 MEDIUM |
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630. |