Latest CVE Feed
-
7.5 HIGH
CVE-2021-29694
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258.
- EPSS Score: 0.11%
- Published: Apr. 26, 2021
- Modified: Nov. 21, 2024
-
4.9 MEDIUM
CVE-2021-29693
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255.
- EPSS Score: 0.10%
- Published: Jun. 28, 2021
- Modified: Nov. 21, 2024
-
5.9 MEDIUM
CVE-2021-29692
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using ...
- EPSS Score: 0.18%
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-29691
IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: ...
- EPSS Score: 0.06%
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-29688
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200...
- EPSS Score: 0.30%
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
5.3 MEDIUM
CVE-2021-29687
IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018.
- EPSS Score: 0.19%
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2021-29686
IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015.
- EPSS Score: 0.17%
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
6.5 MEDIUM
CVE-2021-29683
IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998.
- EPSS Score: 0.09%
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
5.3 MEDIUM
CVE-2021-29682
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199...
- EPSS Score: 0.32%
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
5.3 MEDIUM
CVE-2021-29681
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. This information could be used in further attacks against the system. IBM X-Force ID: 199918.
- EPSS Score: 0.19%
- Published: May. 21, 2021
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2021-29679
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. IBM X-Force ID: 199915.
- EPSS Score: 0.72%
- Published: Oct. 15, 2021
- Modified: Nov. 21, 2024
-
8.7 HIGH
CVE-2021-29678
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.
- EPSS Score: 0.10%
- Published: Dec. 09, 2021
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2021-29677
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to crede...
- Affected Products: security_verify
- EPSS Score: 0.24%
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
5.8 MEDIUM
CVE-2021-29676
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the v...
- Affected Products: security_verify
- EPSS Score: 0.12%
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2021-29673
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ...
- EPSS Score: 0.22%
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
-
8.4 HIGH
CVE-2021-29672
IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the...
- EPSS Score: 0.05%
- Published: Apr. 26, 2021
- Modified: Nov. 21, 2024
-
4.0 MEDIUM
CVE-2021-29671
IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.
- Affected Products: spectrum_scale
- EPSS Score: 0.04%
- Published: Apr. 09, 2021
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2021-29670
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...
- Affected Products: rational_doors_next_generation, rational_collaborative_lifecycle_management, rational_engineering_lifecycle_manager, rational_quality_manager, collaborative_lifecycle_management, engineering_lifecycle_management, engineering_test_management, engineering_lifecycle_optimization, engineering_lifecycle_optimization_-_engineering_insights, engineering_lifecycle_optimization_-_publishing, +1 more products
- EPSS Score: 0.21%
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2021-29668
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...
- Affected Products: rational_doors_next_generation, rational_collaborative_lifecycle_management, rational_engineering_lifecycle_manager, rational_quality_manager, collaborative_lifecycle_management, engineering_lifecycle_management, engineering_test_management, engineering_lifecycle_optimization, engineering_lifecycle_optimization_-_engineering_insights, engineering_lifecycle_optimization_-_publishing, +1 more products
- EPSS Score: 0.21%
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2021-29667
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.
- EPSS Score: 0.31%
- Published: Apr. 27, 2021
- Modified: Nov. 21, 2024