Filtered by vendor Ibm
Subscribe
Total
7129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20500 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. | |||||
| CVE-2021-20439 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. | |||||
| CVE-2021-29853 | 1 Ibm | 1 Planning Analytics | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529. | |||||
| CVE-2020-4792 | 1 Ibm | 1 Edge Application Manager | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189441. | |||||
| CVE-2021-20487 | 1 Ibm | 18 8335-gth, 8335-gtx, 9008-22l and 15 more | 2024-02-28 | 6.5 MEDIUM | 9.1 CRITICAL |
| IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. | |||||
| CVE-2021-29775 | 1 Ibm | 2 Business Automation Workflow, Cloud Pak For Automation | 2024-02-28 | 4.3 MEDIUM | 5.4 MEDIUM |
| IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203029. | |||||
| CVE-2021-20399 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196073. | |||||
| CVE-2021-20401 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196075. | |||||
| CVE-2021-20536 | 2 Ibm, Microsoft | 2 Spectrum Protect Plus, Windows | 2024-02-28 | 2.1 LOW | 6.2 MEDIUM |
| IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836. | |||||
| CVE-2021-29766 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680. | |||||
| CVE-2021-20427 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314. | |||||
| CVE-2020-4706 | 1 Ibm | 1 Api Connect | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 187194. | |||||
| CVE-2021-20517 | 1 Ibm | 1 Websphere Application Server Nd | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read and delete arbitrary files on the system. IBM X-Force ID: 198435. | |||||
| CVE-2020-5030 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193737. | |||||
| CVE-2021-29744 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694. | |||||
| CVE-2021-29740 | 1 Ibm | 1 Spectrum Scale | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474. | |||||
| CVE-2021-20532 | 2 Ibm, Microsoft | 3 Spectrum Protect Backup-archive Client, Spectrum Protect For Virtual Environments, Windows | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811. | |||||
| CVE-2020-4520 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395. | |||||
| CVE-2021-29706 | 1 Ibm | 1 Aix | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
| IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. IBM X-Force ID: 200663. | |||||
| CVE-2021-20566 | 2 Ibm, Redhat | 2 Resilient Security Orchestration Automation And Response, Linux | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238. | |||||