Filtered by vendor Ibm
Total
6536 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4351 | 1 Ibm | 1 Maximo Anywhere | 2022-02-23 | 2.1 LOW | 4.6 MEDIUM |
IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive information to a user with physical access to the device. IBM X-Force ID: 161493. | |||||
CVE-2021-39080 | 1 Ibm | 1 Cognos Analytics Mobile | 2022-02-22 | 6.4 MEDIUM | 6.5 MEDIUM |
Due to weak obfuscation in the IBM Cognos Analytics Mobile for Android application prior to version 1.1.14, an attacker could reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593. | |||||
CVE-2021-39079 | 1 Ibm | 1 Cognos Analytics Mobile | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592. | |||||
CVE-2021-38960 | 1 Ibm | 6 Power Hardware Management Console (7063-cr2), Power Hardware Management Console (7063-cr2) Firmware, Power System Ac922 (8335-gth) and 3 more | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. | |||||
CVE-2021-39044 | 1 Ibm | 1 Financial Transaction Manager | 2022-02-04 | 6.8 MEDIUM | 8.8 HIGH |
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 214210. | |||||
CVE-2021-39066 | 1 Ibm | 1 Financial Transaction Manager | 2022-02-04 | 6.5 MEDIUM | 8.8 HIGH |
IBM Financial Transaction Manager 3.2.4 does not invalidate any existing session identifier, which gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040. | |||||
CVE-2021-29846 | 1 Ibm | 1 Security Guardium Insights | 2022-02-02 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256. | |||||
CVE-2021-29845 | 1 Ibm | 1 Security Guardium Insights | 2022-02-02 | 6.5 MEDIUM | 8.8 HIGH |
IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255. | |||||
CVE-2021-29838 | 1 Ibm | 1 Security Guardium Insights | 2022-02-02 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
CVE-2021-39031 | 1 Ibm | 1 Websphere Application Server | 2022-01-28 | 6.5 MEDIUM | 8.8 HIGH |
IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability, which could result in granting permission to unauthorized resources. IBM X-Force ID: 213875. | |||||
CVE-2020-4876 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2022-01-27 | 6.4 MEDIUM | 8.2 HIGH |
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839. | |||||
CVE-2020-4875 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2022-01-27 | 6.4 MEDIUM | 8.2 HIGH |
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838. | |||||
CVE-2020-4879 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847. | |||||
CVE-2020-4877 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843. | |||||
CVE-2021-29785 | 2 Ibm, Linux | 2 Soar, Linux Kernel | 2022-01-26 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Security SOAR V42 and V43 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 203169. | |||||
CVE-2022-22310 | 6 Apple, Hp, Ibm and 3 more | 9 Macos, Hp-ux, Aix and 6 more | 2022-01-25 | 6.4 MEDIUM | 6.5 MEDIUM |
IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224. | |||||
CVE-2021-29872 | 1 Ibm | 1 Cloud Pak For Automation | 2022-01-25 | 3.5 LOW | 5.4 MEDIUM |
IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 206228. | |||||
CVE-2021-38965 | 1 Ibm | 1 Filenet Content Manager | 2022-01-21 | 9.0 HIGH | 8.8 HIGH |
IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 212346. | |||||
CVE-2021-39056 | 1 Ibm | 1 I | 2022-01-21 | 4.0 MEDIUM | 6.5 MEDIUM |
The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537. | |||||
CVE-2021-39032 | 2 Ibm, Microsoft | 2 Sterling Gentran, Windows | 2022-01-21 | 2.1 LOW | 5.5 MEDIUM |
IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 213962. |