Filtered by vendor Ibm
Subscribe
Total
7776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29803 | 1 Ibm | 1 Tivoli Netcool\/omnibus Gui | 2021-07-15 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204164. | |||||
| CVE-2021-20360 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195031. | |||||
| CVE-2021-20362 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195033. | |||||
| CVE-2021-20361 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195032. | |||||
| CVE-2021-20364 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195035. | |||||
| CVE-2021-20363 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195034. | |||||
| CVE-2021-20365 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195036. | |||||
| CVE-2021-20366 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195037. | |||||
| CVE-2021-20368 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195357. | |||||
| CVE-2021-20369 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361. | |||||
| CVE-2021-20423 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. IBM X-Force ID: 196308. | |||||
| CVE-2021-20424 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. X-Force ID: 196309. | |||||
| CVE-2021-29792 | 1 Ibm | 1 Event Streams | 2021-07-14 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. IBM X-Force ID: 203450. | |||||
| CVE-2021-20414 | 1 Ibm | 1 Guardium Data Encryption | 2021-07-14 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216. | |||||
| CVE-2020-4938 | 1 Ibm | 1 Mq Appliance | 2021-07-14 | 6.8 MEDIUM | 8.8 HIGH |
| IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815. | |||||
| CVE-2021-20474 | 1 Ibm | 1 Guardium Data Encryption | 2021-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. | |||||
| CVE-2021-20379 | 1 Ibm | 1 Guardium Data Encryption | 2021-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711. | |||||
| CVE-2021-20417 | 1 Ibm | 1 Guardium Data Encryption | 2021-07-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219 | |||||
| CVE-2021-20378 | 1 Ibm | 1 Guardium Data Encryption | 2021-07-09 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709. | |||||
| CVE-2020-4902 | 2 Ibm, Microsoft | 2 Datacap Navigator, Windows | 2021-07-07 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045. | |||||