Filtered by vendor Ibm
Subscribe
Total
6536 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20365 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195036. | |||||
| CVE-2021-20366 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195037. | |||||
| CVE-2021-20368 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195357. | |||||
| CVE-2021-20369 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361. | |||||
| CVE-2021-20422 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. IBM X-Force ID: 196304. | |||||
| CVE-2021-20423 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. IBM X-Force ID: 196308. | |||||
| CVE-2021-20424 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. X-Force ID: 196309. | |||||
| CVE-2021-29792 | 1 Ibm | 1 Event Streams | 2021-07-14 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. IBM X-Force ID: 203450. | |||||
| CVE-2021-20414 | 1 Ibm | 1 Guardium Data Encryption | 2021-07-14 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216. | |||||
| CVE-2020-4938 | 1 Ibm | 1 Mq Appliance | 2021-07-14 | 6.8 MEDIUM | 8.8 HIGH |
| IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815. | |||||
| CVE-2021-20474 | 1 Ibm | 1 Guardium Data Encryption | 2021-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. | |||||
| CVE-2021-20416 | 1 Ibm | 1 Guardium Data Encryption | 2021-07-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218. | |||||
| CVE-2021-20379 | 1 Ibm | 1 Guardium Data Encryption | 2021-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711. | |||||
| CVE-2021-20417 | 1 Ibm | 1 Guardium Data Encryption | 2021-07-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219 | |||||
| CVE-2021-20378 | 1 Ibm | 1 Guardium Data Encryption | 2021-07-09 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709. | |||||
| CVE-2020-4902 | 2 Ibm, Microsoft | 2 Datacap Navigator, Windows | 2021-07-07 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045. | |||||
| CVE-2020-4935 | 2 Ibm, Microsoft | 2 Datacap Navigator, Windows | 2021-07-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7 ) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191753. | |||||
| CVE-2021-20574 | 1 Ibm | 1 Security Identity Manager Adapter | 2021-07-07 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and takeover other accounts. IBM X-Force ID: 199252. | |||||
| CVE-2021-29775 | 1 Ibm | 2 Business Automation Workflow, Cloud Pak For Automation | 2021-07-02 | 4.3 MEDIUM | 5.4 MEDIUM |
| IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203029. | |||||
| CVE-2021-20572 | 2 Ibm, Microsoft | 2 Security Identity Manager Adapter, Windows | 2021-07-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199247. | |||||