Latest CVE Feed
-
5.5
MEDIUM
CVE-2021-20348
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other...
Affected Products: rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager collaborative_lifecycle_management engineering_lifecycle_management engineering_test_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights engineering_lifecycle_optimization_-_publishing +1 more products
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM
CVE-2021-20347
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other...
Affected Products: rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager collaborative_lifecycle_management engineering_lifecycle_management engineering_test_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights engineering_lifecycle_optimization_-_publishing +1 more products
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM
CVE-2021-20346
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other...
Affected Products: rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager collaborative_lifecycle_management engineering_lifecycle_management engineering_test_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights engineering_lifecycle_optimization_-_publishing +1 more products
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM
CVE-2021-20345
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other...
Affected Products: rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager collaborative_lifecycle_management engineering_lifecycle_management engineering_test_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights engineering_lifecycle_optimization_-_publishing +1 more products
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM
CVE-2021-20343
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other...
Affected Products: rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager collaborative_lifecycle_management engineering_lifecycle_management engineering_test_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights engineering_lifecycle_optimization_-_publishing +1 more products
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM
CVE-2021-20341
IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513....
Affected Products: cloud_pak_for_multicloud_management_monitoring
- Published: Mar. 09, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM
CVE-2021-20340
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...
Affected Products: rational_doors_next_generation rational_quality_manager rational_team_concert engineering_requirements_quality_assistant_on-premises doors_next engineering_lifecycle_management engineering_test_management engineering_workflow_management engineering_lifecycle_optimization global_configuration_management
- Published: Mar. 04, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM
CVE-2021-20338
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...
Affected Products: rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager collaborative_lifecycle_management engineering_lifecycle_management engineering_test_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights engineering_lifecycle_optimization_-_publishing +1 more products
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2021-20337
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448....
- Published: Jul. 26, 2021
- Modified: Nov. 21, 2024
-
6.4
MEDIUM
CVE-2021-20336
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...
Affected Products: tivoli_netcool\/omnibus_webgui
- Published: Mar. 11, 2021
- Modified: Nov. 21, 2024
-
6.7
MEDIUM
CVE-2021-20335
For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automa...
Affected Products: ops_manager
- Published: Feb. 11, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2021-20334
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1...
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM
CVE-2021-20333
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21 and M...
Affected Products: mongodb
- Published: Jul. 23, 2021
- Modified: Nov. 21, 2024
-
4.4
MEDIUM
CVE-2021-20332
Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these e...
- Published: Aug. 02, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUM
CVE-2021-20331
Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart"...
Affected Products: c\#_driver
- Published: May. 13, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM
CVE-2021-20330
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0...
Affected Products: mongodb
- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUM
CVE-2021-20329
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue...
Affected Products: go_driver
- Published: Jun. 10, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUM
CVE-2021-20328
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM a...
- Published: Feb. 25, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUM
CVE-2021-20327
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of...
Affected Products: libmongocrypt
- Published: Feb. 25, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM
CVE-2021-20326
A user authorized to perform a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.4....
Affected Products: mongodb
- Published: Apr. 30, 2021
- Modified: Nov. 21, 2024