Filtered by vendor Ibm
Subscribe
Total
7811 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38871 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208345. | |||||
| CVE-2021-38870 | 1 Ibm | 1 Aspera On Cloud | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208343. | |||||
| CVE-2021-38869 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341. | |||||
| CVE-2021-38868 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force Id: 208310. | |||||
| CVE-2021-38864 | 1 Ibm | 1 Security Verify Bridge | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155. | |||||
| CVE-2021-38863 | 1 Ibm | 1 Security Verify Bridge | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154. | |||||
| CVE-2021-38862 | 1 Ibm | 1 Data Risk Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980. | |||||
| CVE-2021-38859 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain version number information using a specially crafted HTTP request that could be used in further attacks against the system. IBM X-Force ID: 207899. | |||||
| CVE-2021-34587 | 2 Bender, Ibm | 9 Cc612, Cc612 Firmware, Cc613 and 6 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable. | |||||
| CVE-2021-29913 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Security Verify Privilege On-Premise 11.5 could allow an authenticated user to obtain sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 207898. | |||||
| CVE-2021-29912 | 2 Ibm, Redhat | 2 Security Risk Manager On Cp4s, Openshift | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828. | |||||
| CVE-2021-29908 | 1 Ibm | 2 Ts7700, Ts7700 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747. | |||||
| CVE-2021-29907 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633. | |||||
| CVE-2021-29906 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630. | |||||
| CVE-2021-29905 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207616. | |||||
| CVE-2021-29904 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610. | |||||
| CVE-2021-29903 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506. | |||||
| CVE-2021-29899 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413. | |||||
| CVE-2021-29894 | 2 Ibm, Redhat | 2 Cloud Pak For Security, Openshift | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320. | |||||
| CVE-2021-29891 | 1 Ibm | 8 Hardware Management Console 7063-cr2, Hardware Management Console 7063-cr2 Firmware, Power System Ac922 \(8335-gtg\) and 5 more | 2024-11-21 | N/A | 4.9 MEDIUM |
| IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221. | |||||