Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 7404 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-20557 2 Ibm, Linux 2 Security Guardium, Linux Kernel 2024-11-21 9.0 HIGH 7.2 HIGH
IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 199184.
CVE-2021-20554 1 Ibm 1 Sterling Order Management 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179.
CVE-2021-20552 3 Ibm, Linux, Microsoft 4 Aix, Sterling File Gateway, Linux Kernel and 1 more 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.
CVE-2021-20551 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2024-11-21 2.1 LOW 3.3 LOW
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149.
CVE-2021-20550 3 Ibm, Linux, Microsoft 4 Aix, Content Navigator, Linux Kernel and 1 more 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199168.
CVE-2021-20549 3 Ibm, Linux, Microsoft 4 Aix, Content Navigator, Linux Kernel and 1 more 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199167.
CVE-2021-20546 1 Ibm 2 Spectrum Protect Client, Spectrum Protect For Space Management 2024-11-21 2.1 LOW 5.5 MEDIUM
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934
CVE-2021-20544 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931.
CVE-2021-20543 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929.
CVE-2021-20541 1 Ibm 1 Cloud Pak For Security 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198927.
CVE-2021-20540 1 Ibm 1 Cloud Pak For Security 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923.
CVE-2021-20539 1 Ibm 1 Cloud Pak For Security 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198920.
CVE-2021-20538 1 Ibm 1 Cloud Pak For Security 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919.
CVE-2021-20537 2 Docker, Ibm 2 Docker, Security Verify Access 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918
CVE-2021-20536 2 Ibm, Microsoft 2 Spectrum Protect Plus, Windows 2024-11-21 2.1 LOW 6.2 MEDIUM
IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836.
CVE-2021-20535 1 Ibm 1 Jazz Reporting Service 2024-11-21 5.5 MEDIUM 5.4 MEDIUM
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198834.
CVE-2021-20534 2 Docker, Ibm 2 Docker, Security Verify Access 2024-11-21 4.9 MEDIUM 3.5 LOW
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814
CVE-2021-20533 2 Docker, Ibm 2 Docker, Security Verify Access 2024-11-21 6.5 MEDIUM 7.2 HIGH
IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813
CVE-2021-20532 2 Ibm, Microsoft 3 Spectrum Protect Backup-archive Client, Spectrum Protect For Virtual Environments, Windows 2024-11-21 7.2 HIGH 7.8 HIGH
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811.
CVE-2021-20529 1 Ibm 1 Control Center 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763.