Latest CVE Feed
-
9.1
CRITICALCVE-2021-20538
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919.... Read more
Affected Products : cloud_pak_for_security- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-20537
IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force... Read more
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
6.2
MEDIUMCVE-2021-20536
IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836.... Read more
- Published: Apr. 26, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-20535
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitati... Read more
Affected Products : jazz_reporting_service- Published: May. 13, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUMCVE-2021-20534
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof th... Read more
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
8.4
HIGHCVE-2021-20533
IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813... Read more
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-20532
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811.... Read more
Affected Products : windows spectrum_protect_for_virtual_environments spectrum_protect_backup-archive_client- Published: Apr. 26, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-20529
IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763.... Read more
Affected Products : control_center- Published: May. 19, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20528
IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess... Read more
Affected Products : control_center- Published: May. 19, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-20527
IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. IBM X-Force ID: 198759.... Read more
- Published: Apr. 19, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-20526
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 1... Read more
Affected Products : planning_analytics- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-20524
IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within ... Read more
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2021-20523
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID... Read more
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20520
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20519
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_team_concert rhapsody_model_manager collaborative_lifecycle_management doors_next engineering_insights engineering_lifecycle_management +5 more products- Published: Apr. 12, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20518
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-20517
IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read and delete arbitrary ... Read more
Affected Products : websphere_application_server_nd- Published: Jun. 07, 2021
- Modified: Nov. 21, 2024
-
6.7
MEDIUMCVE-2021-20515
IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Fo... Read more
- Published: Apr. 30, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2021-20511
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force I... Read more
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2021-20510
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299... Read more
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024