Filtered by vendor Ibm
Subscribe
Total
7404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29864 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
| IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089 | |||||
| CVE-2021-29863 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087. | |||||
| CVE-2021-29862 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086. | |||||
| CVE-2021-29861 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085. | |||||
| CVE-2021-29860 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084. | |||||
| CVE-2021-29859 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081. | |||||
| CVE-2021-29856 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre to cause a denial of service through the WebGUI Map Creation page. IBM X-Force ID: 205685. | |||||
| CVE-2021-29855 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205684. | |||||
| CVE-2021-29854 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2024-11-21 | 4.3 MEDIUM | 7.2 HIGH |
| IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680. | |||||
| CVE-2021-29853 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529. | |||||
| CVE-2021-29852 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528. | |||||
| CVE-2021-29851 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527. | |||||
| CVE-2021-29849 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281. | |||||
| CVE-2021-29847 | 1 Ibm | 10 Power Hardware Management Console \(7063-cr1\), Power Hardware Management Console \(7063-cr1\) Firmware, Power System Cs821lc \(8005-12n\) and 7 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267. | |||||
| CVE-2021-29846 | 1 Ibm | 1 Security Guardium Insights | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256. | |||||
| CVE-2021-29845 | 1 Ibm | 1 Security Guardium Insights | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255. | |||||
| CVE-2021-29844 | 1 Ibm | 7 Engineering Lifecycle Optimization, Engineering Requirements Quality Assistant On-premises, Engineering Workflow Management and 4 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2021-29843 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203. | |||||
| CVE-2021-29842 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. | |||||
| CVE-2021-29841 | 2 Ibm, Linux | 5 Aix, Financial Transaction Manager, Linux On Ibm Z and 2 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. | |||||