Filtered by vendor Ibm
Subscriptions
Total
7836 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20566 | 2 Ibm, Redhat | 2 Resilient Security Orchestration Automation And Response, Linux | 2024-11-21 | 7.5 High |
| IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238. | ||||
| CVE-2021-20565 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 5.3 Medium |
| IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 199236. | ||||
| CVE-2021-20564 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 5.9 Medium |
| IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 199235. | ||||
| CVE-2021-20563 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | 4.3 Medium |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenciated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath on the server which could be used in further attacks against the system. IBM X-Force ID: 199234. | ||||
| CVE-2021-20562 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 5.4 Medium |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232. | ||||
| CVE-2021-20561 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.1 Medium |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230. | ||||
| CVE-2021-20560 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Sterling Connect Direct User Interface and 3 more | 2024-11-21 | 5.4 Medium |
| IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229. | ||||
| CVE-2021-20559 | 1 Ibm | 1 Control Desk | 2024-11-21 | 5.4 Medium |
| IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199228. | ||||
| CVE-2021-20557 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 7.2 High |
| IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 199184. | ||||
| CVE-2021-20554 | 1 Ibm | 1 Sterling Order Management | 2024-11-21 | 6.1 Medium |
| IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179. | ||||
| CVE-2021-20552 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling File Gateway, Linux Kernel and 1 more | 2024-11-21 | 4.3 Medium |
| IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170. | ||||
| CVE-2021-20551 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2024-11-21 | 3.3 Low |
| IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149. | ||||
| CVE-2021-20550 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2024-11-21 | 5.4 Medium |
| IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199168. | ||||
| CVE-2021-20549 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2024-11-21 | 5.4 Medium |
| IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199167. | ||||
| CVE-2021-20546 | 1 Ibm | 2 Spectrum Protect Client, Spectrum Protect For Space Management | 2024-11-21 | 5.5 Medium |
| IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934 | ||||
| CVE-2021-20544 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2024-11-21 | 4.3 Medium |
| IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931. | ||||
| CVE-2021-20543 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2024-11-21 | 5.4 Medium |
| IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929. | ||||
| CVE-2021-20541 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 5.3 Medium |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198927. | ||||
| CVE-2021-20540 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 5.3 Medium |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923. | ||||
| CVE-2021-20539 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 5.3 Medium |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198920. | ||||