Filtered by vendor Ibm
Subscribe
Search
Total
6404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29713 | 1 Ibm | 5 Engineering Lifecycle Optimization, Rational Collaborative Lifecycle Management, Rational Doors Next Generation and 2 more | 2021-10-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2021-20526 | 1 Ibm | 1 Planning Analytics | 2021-10-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755. | |||||
| CVE-2021-29673 | 1 Ibm | 6 Engineering Lifecycle Optimization, Engineering Workflow Management, Rational Collaborative Lifecycle Management and 3 more | 2021-10-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482. | |||||
| CVE-2021-38896 | 2 Ibm, Linux | 2 Qradar Advisor, Linux Kernel | 2021-10-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209566. | |||||
| CVE-2021-29835 | 1 Ibm | 1 Business Automation Workflow | 2021-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204833. | |||||
| CVE-2021-29912 | 2 Ibm, Redhat | 2 Security Risk Manager On Cp4s, Openshift | 2021-10-22 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828. | |||||
| CVE-2021-38911 | 2 Ibm, Redhat | 2 Security Risk Manager On Cp4s, Openshift | 2021-10-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940. | |||||
| CVE-2021-29878 | 1 Ibm | 1 Business Automation Workflow | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 206581. | |||||
| CVE-2021-38915 | 1 Ibm | 1 Data Risk Manager | 2021-10-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947. | |||||
| CVE-2021-38862 | 1 Ibm | 1 Data Risk Manager | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980. | |||||
| CVE-2020-4944 | 1 Ibm | 1 Urbancode Deploy | 2021-10-18 | 2.1 LOW | 5.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944. | |||||
| CVE-2021-20489 | 1 Ibm | 1 Sterling File Gateway | 2021-10-16 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790. | |||||
| CVE-2021-20481 | 1 Ibm | 1 Sterling File Gateway | 2021-10-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503. | |||||
| CVE-2021-20473 | 1 Ibm | 1 Sterling File Gateway | 2021-10-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944. | |||||
| CVE-2021-20552 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling File Gateway, Linux Kernel and 1 more | 2021-10-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170. | |||||
| CVE-2021-20561 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230. | |||||
| CVE-2021-20375 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567. | |||||
| CVE-2021-20372 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518. | |||||
| CVE-2021-20571 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-15 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199246. | |||||
| CVE-2021-29906 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2021-10-15 | 1.9 LOW | 5.5 MEDIUM |
| IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630. | |||||
| CVE-2021-20584 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-15 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397. | |||||
| CVE-2021-29700 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656. | |||||
| CVE-2021-29798 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2021-10-14 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734. | |||||
| CVE-2021-29836 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204912. | |||||
| CVE-2021-29837 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-14 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913. | |||||
| CVE-2021-29855 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205684. | |||||
| CVE-2021-29903 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-14 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506. | |||||
| CVE-2021-38925 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-14 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171. | |||||
| CVE-2021-38923 | 1 Ibm | 2 Powervm Hypervisor, Powervm Hypervisor Firmware | 2021-10-14 | 6.5 MEDIUM | 9.1 CRITICAL |
| IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. IBM X-Force ID: 210162. | |||||
| CVE-2021-29761 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265. | |||||
| CVE-2021-29894 | 2 Ibm, Redhat | 2 Cloud Pak For Security, Openshift | 2021-10-04 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320. | |||||
| CVE-2021-20578 | 2 Ibm, Redhat | 2 Cloud Pak For Security, Openshift | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282. | |||||
| CVE-2021-29834 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2021-10-02 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204832. | |||||
| CVE-2021-20554 | 1 Ibm | 1 Sterling Order Management | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179. | |||||
| CVE-2021-38863 | 1 Ibm | 1 Security Verify Bridge | 2021-09-29 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154. | |||||
| CVE-2021-38864 | 1 Ibm | 1 Security Verify Bridge | 2021-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155. | |||||
| CVE-2021-38870 | 1 Ibm | 1 Aspera On Cloud | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208343. | |||||
| CVE-2021-29795 | 1 Ibm | 1 Powervm Hypervisor | 2021-09-29 | 4.9 MEDIUM | 6.0 MEDIUM |
| IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557. | |||||
| CVE-2021-20377 | 1 Ibm | 1 Security Guardium | 2021-09-29 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569. | |||||
| CVE-2020-4941 | 1 Ibm | 1 Edge Application Manager | 2021-09-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941. | |||||
| CVE-2020-4690 | 1 Ibm | 1 Security Guardium | 2021-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697. | |||||
| CVE-2021-20484 | 1 Ibm | 1 Sterling File Gateway | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197666. | |||||
| CVE-2021-20435 | 1 Ibm | 1 Security Verify Bridge | 2021-09-29 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355. | |||||
| CVE-2021-20434 | 1 Ibm | 1 Security Verify Bridge | 2021-09-29 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346. | |||||
| CVE-2021-29800 | 1 Ibm | 2 Jazz For Service Management, Tivoli Netcool\/omnibus Webgui | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2021-20563 | 1 Ibm | 1 Sterling File Gateway | 2021-09-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenciated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath on the server which could be used in further attacks against the system. IBM X-Force ID: 199234. | |||||
| CVE-2021-20485 | 1 Ibm | 1 Sterling File Gateway | 2021-09-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667. | |||||
| CVE-2021-29742 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 5.2 MEDIUM | 8.0 HIGH |
| IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483. | |||||
| CVE-2021-29699 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 6.0 MEDIUM | 6.8 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600. | |||||
| CVE-2021-20524 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661. | |||||