Filtered by vendor Ibm
Subscribe
Search
Total
6404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39076 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585. | |||||
| CVE-2021-39078 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2022-04-27 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589. | |||||
| CVE-2019-4729 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-04-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519. | |||||
| CVE-2021-38935 | 1 Ibm | 1 Maximo Asset Management | 2022-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892. | |||||
| CVE-2021-39034 | 2 Ibm, Oracle | 2 Mq, Solaris | 2022-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964. | |||||
| CVE-2019-4291 | 1 Ibm | 1 Maximo Anywhere | 2022-02-23 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. IBM X-Force ID: 160697. | |||||
| CVE-2019-4351 | 1 Ibm | 1 Maximo Anywhere | 2022-02-23 | 2.1 LOW | 4.6 MEDIUM |
| IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive information to a user with physical access to the device. IBM X-Force ID: 161493. | |||||
| CVE-2019-4352 | 1 Ibm | 1 Maximo Anywhere | 2022-02-23 | 2.1 LOW | 2.4 LOW |
| IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of the application source code. IBM X-Force ID: 161494. | |||||
| CVE-2021-39080 | 1 Ibm | 1 Cognos Analytics Mobile | 2022-02-23 | 6.4 MEDIUM | 6.5 MEDIUM |
| Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593. | |||||
| CVE-2021-39079 | 1 Ibm | 1 Cognos Analytics Mobile | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592. | |||||
| CVE-2021-38960 | 1 Ibm | 6 Power Hardware Management Console \(7063-cr2\), Power Hardware Management Console \(7063-cr2\) Firmware, Power System Ac922 \(8335-gth\) and 3 more | 2022-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. | |||||
| CVE-2021-39044 | 1 Ibm | 1 Financial Transaction Manager | 2022-02-05 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 214210. | |||||
| CVE-2021-39066 | 1 Ibm | 1 Financial Transaction Manager | 2022-02-05 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040. | |||||
| CVE-2021-39021 | 1 Ibm | 1 Guardium Data Encryption | 2022-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856. | |||||
| CVE-2021-29845 | 1 Ibm | 1 Security Guardium Insights | 2022-02-02 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255. | |||||
| CVE-2021-29838 | 1 Ibm | 1 Security Guardium Insights | 2022-02-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2021-39031 | 1 Ibm | 1 Websphere Application Server | 2022-01-28 | 6.5 MEDIUM | 8.8 HIGH |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 213875. | |||||
| CVE-2020-4876 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2022-01-27 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839. | |||||
| CVE-2020-4875 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2022-01-27 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838. | |||||
| CVE-2020-4879 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847. | |||||
| CVE-2020-4877 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843. | |||||
| CVE-2021-29785 | 2 Ibm, Linux | 2 Soar, Linux Kernel | 2022-01-26 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 203169. | |||||
| CVE-2021-29872 | 1 Ibm | 1 Cloud Pak For Automation | 2022-01-25 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 206228. | |||||
| CVE-2021-38965 | 1 Ibm | 1 Filenet Content Manager | 2022-01-22 | 9.0 HIGH | 8.8 HIGH |
| IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 212346. | |||||
| CVE-2021-39056 | 1 Ibm | 1 I | 2022-01-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537. | |||||
| CVE-2021-39032 | 2 Ibm, Microsoft | 2 Sterling Gentran, Windows | 2022-01-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 213962. | |||||
| CVE-2001-0554 | 9 Debian, Freebsd, Ibm and 6 more | 11 Debian Linux, Freebsd, Aix and 8 more | 2022-01-21 | 10.0 HIGH | N/A |
| Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. | |||||
| CVE-2021-39002 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2022-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2021-38931 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2022-01-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418. | |||||
| CVE-2021-29678 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2022-01-21 | 5.5 MEDIUM | 8.7 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914. | |||||
| CVE-2021-38990 | 1 Ibm | 2 Aix, Vios | 2022-01-13 | 4.6 MEDIUM | 7.8 HIGH |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952. | |||||
| CVE-2021-38957 | 1 Ibm | 1 Security Verify Access | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. | |||||
| CVE-2021-38956 | 1 Ibm | 1 Security Verify Access | 2022-01-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038 | |||||
| CVE-2021-38921 | 1 Ibm | 1 Security Verify Access | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067. | |||||
| CVE-2021-38895 | 1 Ibm | 1 Security Verify Access | 2022-01-13 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563. | |||||
| CVE-2021-38894 | 1 Ibm | 1 Security Verify Access | 2022-01-13 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. | |||||
| CVE-2021-38918 | 1 Ibm | 1 Powervm Hypervisor | 2022-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019. | |||||
| CVE-2021-38876 | 1 Ibm | 1 I | 2022-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404. | |||||
| CVE-2021-38961 | 1 Ibm | 6 Power System Ac922 \(8335-gtc\), Power System Ac922 \(8335-gtc\) Firmware, Power System Ac922 \(8335-gtg\) and 3 more | 2022-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212049. | |||||
| CVE-2021-29756 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167. | |||||
| CVE-2021-20493 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794. | |||||
| CVE-2021-20470 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339. | |||||
| CVE-2021-38909 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-01-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706. | |||||
| CVE-2019-4378 | 1 Ibm | 1 Mq | 2022-01-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084. | |||||
| CVE-2019-4402 | 1 Ibm | 1 Api Connect | 2022-01-01 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263. | |||||
| CVE-2019-4049 | 1 Ibm | 1 Mq | 2022-01-01 | 2.1 LOW | 5.5 MEDIUM |
| IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398. | |||||
| CVE-2019-4261 | 1 Ibm | 2 Mq, Websphere Mq | 2022-01-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013. | |||||
| CVE-2019-4119 | 1 Ibm | 1 Cloud Private | 2022-01-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145. | |||||
| CVE-2019-4131 | 1 Ibm | 1 Cloud Application Performance Management | 2022-01-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270. | |||||
| CVE-2019-4217 | 1 Ibm | 1 Security Information Queue | 2022-01-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159226. | |||||