Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 7460 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-39047 2 Ibm, Netapp 3 Cognos Analytics, Planning Analytics, Oncommand Insight 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349.
CVE-2021-39046 1 Ibm 2 Business Automation Workflow, Business Process Manager 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346.
CVE-2021-39045 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 N/A 5.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.
CVE-2021-39044 1 Ibm 1 Financial Transaction Manager 2024-11-21 6.8 MEDIUM 8.8 HIGH
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 214210.
CVE-2021-39043 1 Ibm 1 Jazz Team Server 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214032.
CVE-2021-39041 1 Ibm 1 Qradar Security Information And Event Manager 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting in some protocols not listening to specified ports. IBM X-Force ID: 214028.
CVE-2021-39040 1 Ibm 1 Planning Analytics Workspace 2024-11-21 6.0 MEDIUM 8.0 HIGH
IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025.
CVE-2021-39038 1 Ibm 1 Websphere Application Server 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968.
CVE-2021-39036 1 Ibm 1 Cognos Analytics 2024-11-21 N/A 6.1 MEDIUM
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966.
CVE-2021-39035 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Sterling B2b Integrator and 3 more 2024-11-21 N/A 5.4 MEDIUM
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213965.
CVE-2021-39034 2 Ibm, Oracle 2 Mq, Solaris 2024-11-21 5.0 MEDIUM 7.5 HIGH
IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964.
CVE-2021-39033 3 Ibm, Linux, Microsoft 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213963.
CVE-2021-39032 2 Ibm, Microsoft 2 Sterling Gentran, Windows 2024-11-21 2.1 LOW 5.5 MEDIUM
IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 213962.
CVE-2021-39031 1 Ibm 1 Websphere Application Server 2024-11-21 6.5 MEDIUM 8.8 HIGH
IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 213875.
CVE-2021-39027 1 Ibm 1 Guardium Data Encryption 2024-11-21 4.0 MEDIUM 5.0 MEDIUM
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865.
CVE-2021-39026 1 Ibm 1 Guardium Data Encryption 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 213964.
CVE-2021-39025 1 Ibm 1 Guardium Data Encryption 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863.
CVE-2021-39024 1 Ibm 1 Guardium Data Encryption 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213862.
CVE-2021-39023 1 Ibm 1 Guardium Data Encryption 2024-11-21 5.0 MEDIUM 7.5 HIGH
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860.
CVE-2021-39022 1 Ibm 1 Guardium Data Encryption 2024-11-21 6.8 MEDIUM 8.8 HIGH
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID: 213858.