Filtered by vendor Ibm
Subscribe
Total
7127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20561 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230. | |||||
CVE-2021-38958 | 1 Ibm | 1 Mq Appliance | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042 | |||||
CVE-2021-38901 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610. | |||||
CVE-2021-38925 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171. | |||||
CVE-2021-38957 | 1 Ibm | 1 Security Verify Access | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. | |||||
CVE-2020-4951 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information. | |||||
CVE-2021-38909 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706. | |||||
CVE-2021-20433 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345. | |||||
CVE-2021-29868 | 1 Ibm | 1 I2 Ibase | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213. | |||||
CVE-2021-39064 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID: 214957. | |||||
CVE-2021-29811 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in plain clear text which can be read by an authenticated admin user. IBM X-Force ID: 204329. | |||||
CVE-2021-38863 | 1 Ibm | 1 Security Verify Bridge | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154. | |||||
CVE-2021-38980 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212786. | |||||
CVE-2021-39070 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353. | |||||
CVE-2021-39050 | 1 Ibm | 1 I2 Analysts Notebook | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440. | |||||
CVE-2021-38981 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788. | |||||
CVE-2021-29894 | 2 Ibm, Redhat | 2 Cloud Pak For Security, Openshift | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320. | |||||
CVE-2021-20526 | 1 Ibm | 1 Planning Analytics | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755. | |||||
CVE-2021-38894 | 1 Ibm | 1 Security Verify Access | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. | |||||
CVE-2021-38883 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209165. |