Filtered by vendor Ibm
Total: 7127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20529 | 1 Ibm | 1 Control Center | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763. | |||||
CVE-2021-20505 | 1 Ibm | 1 Powervm Hypervisor | 2024-02-28 | 3.5 LOW | 4.4 MEDIUM |
The PowerVM Logical Partition Mobility (LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP, they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic. IBM X-Force ID: 198232. | |||||
CVE-2021-20523 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660 | |||||
CVE-2021-20527 | 1 Ibm | 1 Resilient | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another user. IBM X-Force ID: 198759. | |||||
CVE-2021-29683 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998. | |||||
CVE-2021-20585 | 1 Ibm | 1 Security Verify Access | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398. | |||||
CVE-2021-29676 | 1 Ibm | 1 Security Verify | 2024-02-28 | 5.8 MEDIUM | 5.4 MEDIUM |
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking | |||||
CVE-2021-29699 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-02-28 | 6.0 MEDIUM | 6.8 MEDIUM |
IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary files with a dangerous file type that could be executed by a user. IBM X-Force ID: 200600. | |||||
CVE-2021-20579 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-02-28 | 3.5 LOW | 6.5 MEDIUM |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFERRED_FORCE. IBM X-Force ID: 199283. | |||||
CVE-2020-4562 | 1 Ibm | 1 Planning Analytics | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames. | |||||
CVE-2020-4938 | 1 Ibm | 1 Mq Appliance | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815. | |||||
CVE-2021-20502 | 1 Ibm | 6 Engineering Insights, Engineering Lifecycle Management, Engineering Requirements Quality Assistant On-premises and 3 more | 2024-02-28 | 5.5 MEDIUM | 7.1 HIGH |
IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059. | |||||
CVE-2020-4669 | 1 Ibm | 2 Planning Analytics Cloud, Planning Analytics Local | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600. | |||||
CVE-2020-4985 | 1 Ibm | 1 Planning Analytics Local | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642. | |||||
CVE-2021-20576 | 1 Ibm | 2 Application Gateway, Security Verify Access | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. | |||||
CVE-2021-29880 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain. IBM X-Force ID: 206979. | |||||
CVE-2021-29682 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997 | |||||
CVE-2021-29681 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. This information could be used in further attacks against the system. IBM X-Force ID: 199918. | |||||
CVE-2021-20379 | 1 Ibm | 1 Guardium Data Encryption | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711. | |||||
CVE-2021-20416 | 1 Ibm | 1 Guardium Data Encryption | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218. |