Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20401 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196075.
|
|||||
| CVE-2021-20400 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074.
|
|||||
| CVE-2021-20399 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196073.
|
|||||
| CVE-2021-20397 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196017.
|
|||||
| CVE-2021-20396 | 1 Ibm | 1 Security Qradar Analyst Workflow | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.
|
|||||
| CVE-2021-20393 | 1 Ibm | 1 Qradar User Behavior Analytics | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196001.
|
|||||
| CVE-2021-20392 | 1 Ibm | 1 Qradar User Behavior Analytics | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2021-20391 | 1 Ibm | 1 Qradar User Behavior Analytics | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.
|
|||||
| CVE-2021-20389 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 195770.
|
|||||
| CVE-2021-20386 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195767.
|
|||||
| CVE-2021-20385 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 195766.
|
|||||
| CVE-2021-20380 | 1 Ibm | 1 Qradar Advisor With Watson | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks against the system. IBM X-Force ID: 195712.
|
|||||
| CVE-2021-20379 | 1 Ibm | 1 Guardium Data Encryption | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711.
|
|||||
| CVE-2021-20378 | 1 Ibm | 1 Guardium Data Encryption | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709.
|
|||||
| CVE-2021-20377 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.
|
|||||
| CVE-2021-20376 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568.
|
|||||
| CVE-2021-20375 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567.
|
|||||
| CVE-2021-20374 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195522.
|
|||||
| CVE-2021-20373 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.
|
|||||
| CVE-2021-20372 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518.
|
|||||
| CVE-2021-20371 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.
|
|||||
| CVE-2021-20369 | 1 Ibm | 1 Cloud Pak For Applications | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361.
|
|||||
| CVE-2021-20368 | 1 Ibm | 1 Cloud Pak For Applications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195357.
|
|||||
| CVE-2021-20366 | 1 Ibm | 1 Cloud Pak For Applications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195037.
|
|||||
| CVE-2021-20365 | 1 Ibm | 1 Cloud Pak For Applications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195036.
|
|||||
| CVE-2021-20364 | 1 Ibm | 1 Cloud Pak For Applications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195035.
|
|||||
| CVE-2021-20363 | 1 Ibm | 1 Cloud Pak For Applications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195034.
|
|||||
| CVE-2021-20362 | 1 Ibm | 1 Cloud Pak For Applications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195033.
|
|||||
| CVE-2021-20361 | 1 Ibm | 1 Cloud Pak For Applications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195032.
|
|||||
| CVE-2021-20360 | 1 Ibm | 1 Cloud Pak For Applications | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195031.
|
|||||
| CVE-2021-20359 | 1 Ibm | 1 Cloud Pak For Automation | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.
|
|||||
| CVE-2021-20358 | 1 Ibm | 1 Cloud Pak For Automation | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.
|
|||||
| CVE-2021-20357 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.
|
|||||
| CVE-2021-20355 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891.
|
|||||
| CVE-2021-20354 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.
|
|||||
| CVE-2021-20353 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882.
|
|||||
| CVE-2021-20352 | 1 Ibm | 6 Engineering Insights, Engineering Lifecycle Management, Engineering Requirements Quality Assistant On-premises and 3 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194710.
|
|||||
| CVE-2021-20351 | 1 Ibm | 9 Doors Next, Engineering Lifecycle Management, Engineering Requirements Quality Assistant On-premises and 6 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708.
|
|||||
| CVE-2021-20350 | 1 Ibm | 9 Doors Next, Engineering Lifecycle Management, Engineering Requirements Quality Assistant On-premises and 6 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707.
|
|||||
| CVE-2021-20349 | 1 Ibm | 1 Tivoli Workload Scheduler | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
|
IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 194599.
|
|||||