Latest CVE Feed
-
6.5
MEDIUMCVE-2021-20374
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu... Read more
- Published: May. 19, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-20373
IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.... Read more
- Published: Dec. 09, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-20372
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518.... Read more
- Published: Oct. 07, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-20371
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager collaborative_lifecycle_management engineering_lifecycle_management engineering_test_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights engineering_lifecycle_optimization_-_publishing +1 more products- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.9
MEDIUMCVE-2021-20369
IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361.... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20368
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20366
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20365
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20364
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20363
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20362
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20361
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-20360
IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195031.... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-20359
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.... Read more
Affected Products : cloud_pak_for_automation- Published: Feb. 08, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-20358
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.... Read more
Affected Products : cloud_pak_for_automation- Published: Feb. 08, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20357
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted se... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_rhapsody_design_manager rational_team_concert rhapsody_model_manager collaborative_lifecycle_management engineering_insights engineering_lifecycle_management +6 more products- Published: Jan. 27, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-20355
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information fr... Read more
- Published: Jun. 24, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-20354
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 1... Read more
- Published: Feb. 18, 2021
- Modified: Nov. 21, 2024
-
8.2
HIGHCVE-2021-20353
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources... Read more
Affected Products : websphere_application_server- Published: Feb. 10, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20352
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024