Filtered by vendor Ibm
Subscribe
Total
6536 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39072 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2022-04-27 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 215581. | |||||
| CVE-2021-39076 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585. | |||||
| CVE-2021-39078 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2022-04-27 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589. | |||||
| CVE-2019-4729 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-04-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519. | |||||
| CVE-2022-22391 | 1 Ibm | 2 Aspera High-speed Transfer Endpoint, Aspera High-speed Transfer Server | 2022-04-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. IBM X-Force ID: 222059. | |||||
| CVE-2019-4101 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2022-04-18 | 2.1 LOW | 5.5 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091. | |||||
| CVE-2020-4271 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-04-18 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-ForceID: 175897. | |||||
| CVE-2020-4272 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-04-18 | 6.5 MEDIUM | 8.8 HIGH |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-ForceID: 175898. | |||||
| CVE-2022-22356 | 1 Ibm | 1 Mq Appliance | 2022-04-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. | |||||
| CVE-2022-22355 | 1 Ibm | 1 Mq Appliance | 2022-04-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. | |||||
| CVE-2021-38930 | 1 Ibm | 2 System Storage Ds8000 Management Console, System Storage Ds8000 Management Console Firmware | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
| IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210331. | |||||
| CVE-2022-22410 | 1 Ibm | 1 Watson Query | 2022-04-15 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources connected to the service. IBM X-Force ID: 222763. | |||||
| CVE-2022-22339 | 1 Ibm | 1 Planning Analytics | 2022-04-15 | 6.5 MEDIUM | 7.3 HIGH |
| IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736. | |||||
| CVE-2021-38929 | 1 Ibm | 2 System Storage Ds8000 Management Console, System Storage Ds8000 Management Console Firmware | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
| IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210330. | |||||
| CVE-2021-39068 | 1 Ibm | 1 Curam Social Program Management | 2022-04-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306. | |||||
| CVE-2020-4668 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2022-04-14 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283. | |||||
| CVE-2022-22332 | 1 Ibm | 1 Partner Engagement Manager | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131. | |||||
| CVE-2022-22331 | 1 Ibm | 1 Partner Engagement Manager | 2022-04-12 | 5.5 MEDIUM | 7.1 HIGH |
| IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 219130. | |||||
| CVE-2022-22327 | 1 Ibm | 1 Urbancode Deploy | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859. | |||||
| CVE-2018-1882 | 5 Apple, Ibm, Linux and 2 more | 7 Macos, Aix, Spectrum Protect Backup-archive Client and 4 more | 2022-04-11 | 1.9 LOW | 4.7 MEDIUM |
| In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968. | |||||