Filtered by vendor Ibm
Subscribe
Total
7404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38918 | 1 Ibm | 1 Powervm Hypervisor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019. | |||||
| CVE-2021-38917 | 1 Ibm | 1 Powervm Hypervisor | 2024-11-21 | 9.4 HIGH | 9.1 CRITICAL |
| IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018. | |||||
| CVE-2021-38915 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947. | |||||
| CVE-2021-38911 | 2 Ibm, Redhat | 2 Security Risk Manager On Cp4s, Openshift | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940. | |||||
| CVE-2021-38910 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824. | |||||
| CVE-2021-38909 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706. | |||||
| CVE-2021-38905 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. | |||||
| CVE-2021-38904 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693. | |||||
| CVE-2021-38903 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691. | |||||
| CVE-2021-38901 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610. | |||||
| CVE-2021-38900 | 1 Ibm | 3 Business Automation Workflow, Business Process Manager, Workflow Process Service | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607. | |||||
| CVE-2021-38899 | 1 Ibm | 1 Cloud Pak For Data | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575. | |||||
| CVE-2021-38896 | 2 Ibm, Linux | 2 Qradar Advisor, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209566. | |||||
| CVE-2021-38895 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563. | |||||
| CVE-2021-38894 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. | |||||
| CVE-2021-38893 | 1 Ibm | 3 Business Automation Workflow, Business Process Manager, Workflow Process Service | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209512. | |||||
| CVE-2021-38891 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Sterling Connect\, Linux Kernel and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508. | |||||
| CVE-2021-38890 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Sterling Connect\, Linux Kernel and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507. | |||||
| CVE-2021-38887 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401. | |||||
| CVE-2021-38886 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399. | |||||