Filtered by vendor Ibm
Total: 7129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20379 | 1 Ibm | 1 Guardium Data Encryption | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711. | |||||
CVE-2021-20416 | 1 Ibm | 1 Guardium Data Encryption | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218. | |||||
CVE-2021-29687 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018. | |||||
CVE-2021-20454 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649. | |||||
CVE-2020-4964 | 1 Ibm | 12 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 9 more | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419. | |||||
CVE-2021-29757 | 1 Ibm | 1 Qradar User Behavior Analytics | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202168. | |||||
CVE-2021-20510 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299. | |||||
CVE-2021-29691 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252. | |||||
CVE-2019-4471 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780. | |||||
CVE-2021-29851 | 1 Ibm | 1 Planning Analytics | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527. | |||||
CVE-2021-29780 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2024-02-28 | 6.5 MEDIUM | 4.7 MEDIUM |
IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. IBM X-Force ID: 203085. | |||||
CVE-2021-29702 | 3 Ibm, Linux, Microsoft | 4 Aix, Db2, Linux Kernel and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658. | |||||
CVE-2021-20391 | 1 Ibm | 1 Qradar User Behavior Analytics | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999. | |||||
CVE-2021-20534 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-02-28 | 4.9 MEDIUM | 3.5 LOW |
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814. | |||||
CVE-2021-29805 | 1 Ibm | 1 Tivoli Netcool/omnibus Gui | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204263. | |||||
CVE-2020-4965 | 1 Ibm | 12 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 9 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422. | |||||
CVE-2020-4901 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992. | |||||
CVE-2021-20498 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972. | |||||
CVE-2020-4932 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 191748. | |||||
CVE-2021-20397 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196017. |