Latest CVE Feed
-
4.3
MEDIUMCVE-2021-20508
IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 1... Read more
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20507
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur... Read more
- Published: Jul. 19, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20506
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
4.4
MEDIUMCVE-2021-20505
The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access... Read more
Affected Products : powervm_hypervisor- Published: Jul. 29, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20504
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20503
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2021-20502
IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.... Read more
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
8.2
HIGHCVE-2021-20501
IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. An attacker could exploit this vulnerability to consume unnecessary network... Read more
- Published: Apr. 21, 2021
- Modified: Nov. 21, 2024
-
4.4
MEDIUMCVE-2021-20500
IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.... Read more
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2021-20499
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID... Read more
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-20498
IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972.... Read more
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-20497
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969... Read more
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUMCVE-2021-20496
IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966.... Read more
Affected Products : docker security_access_manager security_verify_access security_verify_access_docker- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-20494
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. An authenticared user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882.... Read more
Affected Products : security_identity_manager_adapter- Published: Jun. 28, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-20493
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ... Read more
- Published: Dec. 03, 2021
- Modified: Nov. 21, 2024
-
8.2
HIGHCVE-2021-20492
IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume m... Read more
Affected Products : websphere_application_server- Published: May. 26, 2021
- Modified: Nov. 21, 2024
-
4.4
MEDIUMCVE-2021-20491
IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffe... Read more
- Published: Apr. 16, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-20490
IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791.... Read more
- Published: Jun. 29, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-20489
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790.... Read more
Affected Products : sterling_file_gateway- Published: Oct. 07, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-20488
IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ... Read more
- Published: Jun. 16, 2021
- Modified: Nov. 21, 2024