Filtered by vendor Ibm
Subscribe
Search
Total
2334 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29853 | 1 Ibm | 1 Planning Analytics | 2021-09-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529. | |||||
| CVE-2018-1985 | 2 Apple, Ibm | 2 Macos, Security Rapport | 2021-09-08 | 4.9 MEDIUM | 4.4 MEDIUM |
| IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207. | |||||
| CVE-2018-1882 | 5 Apple, Ibm, Linux and 2 more | 7 Macos, Aix, Spectrum Protect Backup-archive Client and 4 more | 2021-09-08 | 1.9 LOW | 4.7 MEDIUM |
| In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968. | |||||
| CVE-2021-29862 | 1 Ibm | 2 Aix, Vios | 2021-09-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086. | |||||
| CVE-2021-29743 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2021-09-02 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201693. | |||||
| CVE-2021-29728 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Linux On Zseries and 5 more | 2021-09-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160. | |||||
| CVE-2021-29744 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2021-09-01 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694. | |||||
| CVE-2020-4887 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 2.1 LOW | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911. | |||||
| CVE-2020-4992 | 1 Ibm | 1 Datapower Gateway | 2021-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737. | |||||
| CVE-2021-20420 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-08-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. IBM X-Force ID: 196281. | |||||
| CVE-2021-20349 | 1 Ibm | 1 Tivoli Workload Scheduler | 2021-08-17 | 4.6 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 194599. | |||||
| CVE-2021-29739 | 1 Ibm | 1 Planning Analytics Local | 2021-08-17 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846. | |||||
| CVE-2021-29714 | 1 Ibm | 1 Content Navigator | 2021-08-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968. | |||||
| CVE-2020-4707 | 1 Ibm | 1 Api Connect | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187370. | |||||
| CVE-2021-29697 | 1 Ibm | 1 Cloud Pak For Security | 2021-08-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system. | |||||
| CVE-2021-20505 | 1 Ibm | 1 Powervm Hypervisor | 2021-08-09 | 3.5 LOW | 4.4 MEDIUM |
| The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic IBM X-Force ID: 198232 | |||||
| CVE-2020-4623 | 2 Ibm, Microsoft | 2 I2 Ibase, Windows | 2021-08-04 | 4.4 MEDIUM | 6.5 MEDIUM |
| IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 184984. | |||||
| CVE-2021-20430 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2021-08-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341. | |||||
| CVE-2020-5004 | 1 Ibm | 9 Engineering Lifecycle Optimization - Engineering Insights, Engineering Requirements Quality Assistant On-premises, Engineering Test Management and 6 more | 2021-08-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957. | |||||
| CVE-2020-4974 | 1 Ibm | 9 Engineering Lifecycle Optimization - Engineering Insights, Engineering Requirements Quality Assistant On-premises, Engineering Test Management and 6 more | 2021-08-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434. | |||||
| CVE-2021-20431 | 3 Ibm, Linux, Microsoft | 3 I2 Analysts Notebook, Linux Kernel, Windows | 2021-08-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. IBM X-Force ID: 196342. | |||||
| CVE-2021-20560 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Sterling Connect Direct User Interface and 3 more | 2021-08-04 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229. | |||||
| CVE-2021-29766 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2021-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680. | |||||
| CVE-2021-29767 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2021-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681. | |||||
| CVE-2021-29769 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2021-08-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 202769. | |||||
| CVE-2021-29770 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2021-08-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771. | |||||
| CVE-2021-29784 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2021-08-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168. | |||||
| CVE-2021-29749 | 1 Ibm | 2 Secure External Authentication Server, Secure Proxy | 2021-07-31 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777. | |||||
| CVE-2020-4675 | 4 Ibm, Linux, Microsoft and 1 more | 6 Aix, Infosphere Master Data Management Server, Linux On Zseries and 3 more | 2021-07-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324. | |||||
| CVE-2020-5031 | 1 Ibm | 6 Engineering Lifecycle Optimization, Engineering Workflow Management, Rational Collaborative Lifecycle Management and 3 more | 2021-07-26 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738. | |||||
| CVE-2021-20507 | 1 Ibm | 7 Engineering Lifecycle Optimization, Engineering Requirements Quality Assistant On-premises, Engineering Workflow Management and 4 more | 2021-07-26 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235. | |||||
| CVE-2021-29780 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2021-07-26 | 6.5 MEDIUM | 4.7 MEDIUM |
| IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. IBM X-Force ID: 203085. | |||||
| CVE-2020-4151 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attacker to perform unauthorized actions due to improper input validation. IBM X-Force ID: 174201. | |||||
| CVE-2020-4871 | 1 Ibm | 1 Planning Analytics | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834. | |||||
| CVE-2020-4644 | 1 Ibm | 1 Planning Analytics Local | 2021-07-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 185716. | |||||
| CVE-2020-4461 | 1 Ibm | 1 Security Access Manager | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481. | |||||
| CVE-2020-4249 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization. IBM X-Force ID: 175485. | |||||
| CVE-2020-4260 | 1 Ibm | 1 Urbancode Deploy | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639. | |||||
| CVE-2019-4478 | 1 Ibm | 1 Maximo Asset Management | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. | |||||
| CVE-2020-4233 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 175360. | |||||
| CVE-2020-4413 | 1 Ibm | 1 Security Secret Server | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 179988. | |||||
| CVE-2020-4329 | 1 Ibm | 1 Websphere Application Server | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. | |||||
| CVE-2019-4735 | 2 Apple, Ibm | 2 Iphone Os, Maas360 | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| IBM MaaS360 3.96.62 for iOS could allow an attacker with physical access to the device to obtain sensitive information from the agent outside of the container. IBM X-Force ID: 172705. | |||||
| CVE-2020-4382 | 2 Ibm, Linux | 2 Elastic Storage Server, Linux Kernel | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. IBM X-Force ID: 179163. | |||||
| CVE-2020-4625 | 1 Ibm | 1 Cloud Pak For Security | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. | |||||
| CVE-2020-4355 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507. | |||||
| CVE-2019-4045 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241. | |||||
| CVE-2020-4187 | 1 Ibm | 1 Security Guardium | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174805. | |||||
| CVE-2019-4286 | 1 Ibm | 1 Maximo Anywhere | 2021-07-21 | 2.1 LOW | 4.3 MEDIUM |
| IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514. | |||||
| CVE-2020-4528 | 1 Ibm | 1 Datapower Gateway | 2021-07-21 | 1.9 LOW | 5.5 MEDIUM |
| IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-Force ID: 182658. | |||||