Filtered by vendor Ibm
Subscriptions
Total
7836 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20538 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 9.1 Critical |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919. | ||||
| CVE-2021-20537 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-11-21 | 6.5 Medium |
| IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918 | ||||
| CVE-2021-20536 | 2 Ibm, Microsoft | 2 Spectrum Protect Plus, Windows | 2024-11-21 | 6.2 Medium |
| IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836. | ||||
| CVE-2021-20535 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 5.4 Medium |
| IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198834. | ||||
| CVE-2021-20534 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-11-21 | 3.5 Low |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814 | ||||
| CVE-2021-20533 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-11-21 | 7.2 High |
| IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813 | ||||
| CVE-2021-20532 | 2 Ibm, Microsoft | 3 Spectrum Protect Backup-archive Client, Spectrum Protect For Virtual Environments, Windows | 2024-11-21 | 7.8 High |
| IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811. | ||||
| CVE-2021-20529 | 1 Ibm | 1 Control Center | 2024-11-21 | 5.3 Medium |
| IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763. | ||||
| CVE-2021-20528 | 1 Ibm | 1 Control Center | 2024-11-21 | 5.4 Medium |
| IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198761. | ||||
| CVE-2021-20527 | 1 Ibm | 1 Resilient | 2024-11-21 | 7.2 High |
| IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. IBM X-Force ID: 198759. | ||||
| CVE-2021-20526 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 5.3 Medium |
| IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755. | ||||
| CVE-2021-20524 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-11-21 | 4.8 Medium |
| IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661. | ||||
| CVE-2021-20523 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-11-21 | 2.7 Low |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660 | ||||
| CVE-2021-20520 | 1 Ibm | 6 Engineering Insights, Engineering Lifecycle Management, Engineering Requirements Quality Assistant On-premises and 3 more | 2024-11-21 | 5.4 Medium |
| IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572. | ||||
| CVE-2021-20519 | 1 Ibm | 12 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 9 more | 2024-11-21 | 5.4 Medium |
| IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441. | ||||
| CVE-2021-20518 | 1 Ibm | 6 Engineering Insights, Engineering Lifecycle Management, Engineering Requirements Quality Assistant On-premises and 3 more | 2024-11-21 | 5.4 Medium |
| IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437. | ||||
| CVE-2021-20517 | 1 Ibm | 1 Websphere Application Server Nd | 2024-11-21 | 8.8 High |
| IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read and delete arbitrary files on the system. IBM X-Force ID: 198435. | ||||
| CVE-2021-20515 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Informix Dynamic Server and 3 more | 2024-11-21 | 6.7 Medium |
| IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366. | ||||
| CVE-2021-20511 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-11-21 | 4.9 Medium |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300. | ||||
| CVE-2021-20510 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-11-21 | 4.4 Medium |
| IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299 | ||||