Latest CVE Feed
-
7.8
HIGH CVE-2021-20532
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811....
Affected Products : windows spectrum_protect_for_virtual_environments spectrum_protect_backup-archive_client
- Published: Apr. 26, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2021-20529
IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763....
Affected Products : control_center
- Published: May. 19, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-20528
IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess...
Affected Products : control_center
- Published: May. 19, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-20527
IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another user. IBM X-Force ID: 198759....
- Published: Apr. 19, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2021-20526
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 1...
Affected Products : planning_analytics
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUM CVE-2021-20524
IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within ...
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker
- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUM CVE-2021-20523
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID...
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker
- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-20520
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s...
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-20519
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ...
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_team_concert rhapsody_model_manager collaborative_lifecycle_management doors_next engineering_insights engineering_lifecycle_management +5 more products
- Published: Apr. 12, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-20518
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s...
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-20517
IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read and delete arbitrary ...
Affected Products : websphere_application_server_nd
- Published: Jun. 07, 2021
- Modified: Nov. 21, 2024
-
6.7
MEDIUM CVE-2021-20515
IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Fo...
- Published: Apr. 30, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUM CVE-2021-20511
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force I...
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker
- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUM CVE-2021-20510
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299...
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker
- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-20509
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243....
- Published: Aug. 12, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUM CVE-2021-20508
IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 1...
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-20507
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...
- Published: Jul. 19, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-20506
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s...
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
4.4
MEDIUM CVE-2021-20505
The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access...
Affected Products : powervm_hypervisor
- Published: Jul. 29, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-20504
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s...
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024