Filtered by vendor Ibm
Subscribe
Total
7127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29818 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204345. | |||||
| CVE-2021-38973 | 1 Ibm | 2 Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | |||||
| CVE-2021-29861 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 2.1 LOW | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085. | |||||
| CVE-2021-29837 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913. | |||||
| CVE-2021-39053 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin Console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 214524. | |||||
| CVE-2021-29847 | 1 Ibm | 10 Power Hardware Management Console \(7063-cr1\), Power Hardware Management Console \(7063-cr1\) Firmware, Power System Cs821lc \(8005-12n\) and 7 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267. | |||||
| CVE-2021-38887 | 1 Ibm | 1 Infosphere Information Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401. | |||||
| CVE-2021-29825 | 5 Ibm, Linux, Microsoft and 2 more | 6 Aix, Db2, Linux Kernel and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470. | |||||
| CVE-2021-38959 | 2 Ibm, Microsoft | 2 Spss Statistics, Windows | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. IBM X-Force ID: 212046. | |||||
| CVE-2021-20563 | 1 Ibm | 1 Sterling File Gateway | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenciated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath on the server which could be used in further attacks against the system. IBM X-Force ID: 199234. | |||||
| CVE-2021-38921 | 1 Ibm | 1 Security Verify Access | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067. | |||||
| CVE-2021-38875 | 1 Ibm | 1 Mq | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398. | |||||
| CVE-2021-39031 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 213875. | |||||
| CVE-2021-38926 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321. | |||||
| CVE-2021-29856 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre to cause a denial of service through the WebGUI Map Creation page. IBM X-Force ID: 205685. | |||||
| CVE-2021-29888 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 207123. | |||||
| CVE-2020-4879 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847. | |||||
| CVE-2021-20584 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397. | |||||
| CVE-2021-20484 | 1 Ibm | 1 Sterling File Gateway | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197666. | |||||
| CVE-2021-38873 | 1 Ibm | 1 Planning Analytics | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396. | |||||