CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-38899 200 +Info 2021-09-20 2021-09-28
2.1
None Local Low Not required Partial None None
IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575.
2 CVE-2021-38863 522 2021-09-23 2021-09-29
2.1
None Local Low Not required Partial None None
IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154.
3 CVE-2021-29868 613 +Info 2021-10-27 2021-11-02
2.1
None Local Low Not required Partial None None
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213.
4 CVE-2021-29861 2021-11-17 2021-11-19
2.1
None Local Low Not required Partial None None
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085.
5 CVE-2021-29860 2021-11-17 2021-11-18
2.1
None Local Low Not required Partial None None
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084.
6 CVE-2021-29759 532 +Info 2021-07-07 2021-07-15
2.1
None Local Low Not required Partial None None
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.
7 CVE-2021-29693 269 DoS 2021-06-28 2021-08-31
2.1
None Local Low Not required None None Partial
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255.
8 CVE-2021-20575 922 2021-06-01 2021-06-07
2.1
None Local Low Not required Partial None None
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.
9 CVE-2021-20546 787 Overflow 2021-04-26 2021-04-28
2.1
None Local Low Not required None None Partial
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934
10 CVE-2021-20491 787 Overflow 2021-04-16 2021-04-21
2.1
None Local Low Not required None None Partial
IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792.
11 CVE-2021-20478 200 +Info 2021-07-20 2021-07-29
2.1
None Local Low Not required Partial None None
IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497.
12 CVE-2021-20435 295 +Info 2021-09-23 2021-09-29
2.1
None Local Low Not required Partial None None
IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355.
13 CVE-2021-20434 522 2021-09-23 2021-09-29
2.1
None Local Low Not required Partial None None
IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346.
14 CVE-2021-20396 922 2021-06-11 2021-06-21
2.1
None Local Low Not required Partial None None
IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.
15 CVE-2021-20391 922 2021-05-14 2021-05-20
2.1
None Local Low Not required Partial None None
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.
16 CVE-2020-4996 +Info 2021-02-09 2021-02-11
2.1
None Local Low Not required Partial None None
IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913.
17 CVE-2020-4956 400 DoS 2021-02-15 2021-02-17
2.3
None Local Network Medium ??? None None Partial
IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.
18 CVE-2020-4951 200 +Info 2021-10-15 2021-11-17
2.1
None Local Low Not required Partial None None
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
19 CVE-2020-4944 312 2021-03-30 2021-10-18
2.1
None Local Low Not required Partial None None
IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.
20 CVE-2020-4918 434 2021-01-04 2021-07-21
2.1
None Local Low Not required Partial None None
IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392.
21 CVE-2020-4913 522 2021-01-04 2021-07-21
2.1
None Local Low Not required Partial None None
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.
22 CVE-2020-4906 922 2020-12-16 2020-12-17
2.1
None Local Low Not required Partial None None
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.
23 CVE-2020-4900 532 2020-11-30 2020-12-02
2.1
None Local Low Not required Partial None None
IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991.
24 CVE-2020-4891 307 2021-03-16 2021-03-22
2.1
None Local Low Not required Partial None None
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974.
25 CVE-2020-4890 400 DoS 2021-03-16 2021-03-22
2.1
None Local Low Not required None None Partial
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973.
26 CVE-2020-4887 2021-01-20 2021-08-31
2.1
None Local Low Not required None Partial None
IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911.
27 CVE-2020-4886 922 +Info 2020-11-13 2020-11-17
2.1
None Local Low Not required Partial None None
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.
28 CVE-2020-4884 312 2021-03-30 2021-04-01
2.1
None Local Low Not required Partial None None
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.
29 CVE-2020-4871 200 +Info 2021-01-19 2021-07-21
2.1
None Local Low Not required Partial None None
IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.
30 CVE-2020-4851 74 2021-03-16 2021-03-22
2.1
None Local Low Not required None Partial None
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450.
31 CVE-2020-4809 922 2021-09-23 2021-09-28
2.1
None Local Low Not required Partial None None
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633.
32 CVE-2020-4805 922 2021-09-23 2021-09-28
2.1
None Local Low Not required Partial None None
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539.
33 CVE-2020-4803 922 2021-09-23 2021-09-28
2.1
None Local Low Not required Partial None None
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535.
34 CVE-2020-4787 918 2021-01-27 2021-02-02
2.1
None Local Low Not required Partial None None
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.
35 CVE-2020-4765 922 2021-05-19 2021-05-26
2.1
None Local Low Not required Partial None None
IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902.
36 CVE-2020-4726 922 2021-03-02 2021-03-08
2.1
None Local Low Not required Partial None None
The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975.
37 CVE-2020-4717 2021-03-10 2021-03-16
2.1
None Local Low Not required None Partial None
A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write arbitrary file in another protected path during product installation. IBM X-Force ID: 187727.
38 CVE-2020-4699 203 2020-10-12 2020-10-19
2.9
None Local Network Medium Not required Partial None None
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.
39 CVE-2020-4661 203 2020-10-12 2020-10-19
2.9
None Local Network Medium Not required Partial None None
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.
40 CVE-2020-4660 203 2020-10-12 2020-10-19
2.9
None Local Network Medium Not required Partial None None
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.
41 CVE-2020-4651 352 CSRF 2020-11-09 2020-11-12
2.9
None Local Network Medium Not required None Partial None
IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024.
42 CVE-2020-4650 200 +Info 2020-11-09 2021-07-21
2.1
None Local Low Not required Partial None None
IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023.
43 CVE-2020-4568 522 2020-11-10 2020-11-17
2.1
None Local Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184157.
44 CVE-2020-4498 200 +Info 2020-07-27 2021-07-21
2.1
None Local Low Not required Partial None None
IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118.
45 CVE-2020-4492 88 DoS 2020-08-31 2020-08-31
2.1
None Local Low Not required None None Partial
IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992.
46 CVE-2020-4491 400 DoS 2020-10-20 2021-07-21
2.1
None Local Low Not required None None Partial
IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991.
47 CVE-2020-4408 522 2020-07-27 2020-07-28
2.1
None Local Low Not required Partial None None
The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID: 179536.
48 CVE-2020-4372 522 2020-07-22 2020-07-24
2.1
None Local Low Not required Partial None None
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009
49 CVE-2020-4371 922 2020-07-22 2020-07-24
2.1
None Local Low Not required Partial None None
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008.
50 CVE-2020-4369 312 +Info 2020-07-22 2020-07-24
2.1
None Local Low Not required Partial None None
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.
Total number of vulnerabilities : 351   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.