Latest CVE Feed
-
5.3
MEDIUMCVE-2021-29687
IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018... Read more
- EPSS Score: %0.19
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-29686
IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015... Read more
- EPSS Score: %0.17
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-29683
IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998.... Read more
- EPSS Score: %0.09
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-29682
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199... Read more
- EPSS Score: %0.32
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-29681
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. This information could be used in further attacks against the system. IBM X-Force ID: 199918.... Read more
- EPSS Score: %0.19
- Published: May. 21, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-29679
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.... Read more
- EPSS Score: %0.72
- Published: Oct. 15, 2021
- Modified: Nov. 21, 2024
-
8.7
HIGHCVE-2021-29678
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.... Read more
- EPSS Score: %0.10
- Published: Dec. 09, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-29677
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to crede... Read more
Affected Products : security_verify- EPSS Score: %0.24
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
5.8
MEDIUMCVE-2021-29676
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the v... Read more
Affected Products : security_verify- EPSS Score: %0.12
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-29673
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ... Read more
- EPSS Score: %0.22
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
-
8.4
HIGHCVE-2021-29672
IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the... Read more
- EPSS Score: %0.05
- Published: Apr. 26, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2021-29671
IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.... Read more
Affected Products : spectrum_scale- EPSS Score: %0.04
- Published: Apr. 09, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-29670
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager collaborative_lifecycle_management engineering_lifecycle_management engineering_test_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights engineering_lifecycle_optimization_-_publishing +1 more products- EPSS Score: %0.21
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-29668
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager collaborative_lifecycle_management engineering_lifecycle_management engineering_test_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights engineering_lifecycle_optimization_-_publishing +1 more products- EPSS Score: %0.21
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-29667
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.... Read more
- EPSS Score: %0.31
- Published: Apr. 27, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-29666
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred... Read more
- EPSS Score: %0.16
- Published: Apr. 27, 2021
- Modified: Nov. 21, 2024
-
9.0
CRITICALCVE-2021-29665
IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges.... Read more
Affected Products : security_verify_access- EPSS Score: %0.68
- Published: Jun. 01, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-29663
CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). When an attacker with access to an Admin account creates a Job Title in the Site area (aka the admin/add_jobs.php name parameter), they can insert an XSS p... Read more
Affected Products : course_registration_management_system- EPSS Score: %0.20
- Published: Mar. 31, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-29662
The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.... Read more
- EPSS Score: %0.36
- Published: Mar. 31, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-29661
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated use... Read more
Affected Products : opc_toolbox- EPSS Score: %0.32
- Published: Apr. 02, 2021
- Modified: Nov. 21, 2024