Filtered by vendor Ibm
Subscribe
Total
7127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38947 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242. | |||||
CVE-2021-20485 | 1 Ibm | 1 Sterling File Gateway | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667. | |||||
CVE-2021-39032 | 2 Ibm, Microsoft | 2 Sterling Gentran, Windows | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 213962. | |||||
CVE-2021-38990 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952. | |||||
CVE-2021-39048 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Spectrum Protect Backup-archive Client and 3 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438. | |||||
CVE-2021-29820 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204347. | |||||
CVE-2021-38876 | 1 Ibm | 1 I | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404. | |||||
CVE-2021-39052 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523. | |||||
CVE-2020-4803 | 1 Ibm | 1 Edge Application Manager | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535. | |||||
CVE-2021-38984 | 1 Ibm | 2 Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793. | |||||
CVE-2021-39021 | 1 Ibm | 1 Guardium Data Encryption | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856. | |||||
CVE-2021-20552 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling File Gateway, Linux Kernel and 1 more | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170. | |||||
CVE-2021-29908 | 1 Ibm | 2 Ts7700, Ts7700 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747. | |||||
CVE-2021-39058 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 214617. | |||||
CVE-2021-20571 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199246. | |||||
CVE-2021-29841 | 2 Ibm, Linux | 5 Aix, Financial Transaction Manager, Linux On Ibm Z and 2 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. | |||||
CVE-2021-38974 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779. | |||||
CVE-2021-38950 | 1 Ibm | 1 Mq For Hpe Nonstop | 2024-02-28 | 4.4 MEDIUM | 7.8 HIGH |
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404. | |||||
CVE-2021-38961 | 1 Ibm | 6 Power System Ac922 \(8335-gtc\), Power System Ac922 \(8335-gtc\) Firmware, Power System Ac922 \(8335-gtg\) and 3 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212049. | |||||
CVE-2021-29904 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610. |