Filtered by vendor Ibm
Subscribe
Total
7129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-29708 | 1 Ibm | 1 Spectrum Scale | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. IBM X-Force ID: 200883. | |||||
CVE-2021-29802 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. | |||||
CVE-2021-20419 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280. | |||||
CVE-2021-29688 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102. | |||||
CVE-2021-20360 | 1 Ibm | 1 Cloud Pak For Applications | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195031. | |||||
CVE-2020-4811 | 1 Ibm | 1 Cloud Pak For Security | 2024-02-28 | 4.0 MEDIUM | 2.4 LOW |
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation. | |||||
CVE-2021-20575 | 1 Ibm | 2 Application Gateway, Security Verify Access | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. | |||||
CVE-2021-29784 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168. | |||||
CVE-2020-4992 | 1 Ibm | 1 Datapower Gateway | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737. | |||||
CVE-2021-29723 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Linux On Ibm Z and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100. | |||||
CVE-2021-20423 | 1 Ibm | 1 Cloud Pak For Applications | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. IBM X-Force ID: 196308. | |||||
CVE-2021-29704 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
CVE-2020-4885 | 2 Ibm, Linux | 3 Aix, Db2, Linux Kernel | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909. | |||||
CVE-2020-4820 | 1 Ibm | 1 Cloud Pak For Security | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2020-4657 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094. | |||||
CVE-2020-4395 | 1 Ibm | 1 Security Access Manager Appliance | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358. | |||||
CVE-2020-4952 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. IBM X-Force ID: 192028. | |||||
CVE-2020-4618 | 1 Ibm | 1 Data Risk Manager | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. IBM X-Force ID: 184937. | |||||
CVE-2020-4942 | 1 Ibm | 1 Curam Social Program Management | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942. | |||||
CVE-2020-4897 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988. |