CVEdetails.com the ultimate security vulnerability data source

IBM : Security Vulnerabilities (CVSS score between 4 and 4.99)

Each entry below gives the CVE ID, the CWE ID and vulnerability type(s) where cvedetails has assigned them, the publish and update dates, and the CVSS v2 base score followed by the seven cvedetails columns in their original order: Gained Access Level / Access / Complexity / Authentication / Conf. / Integ. / Avail. The "# of Exploits" column is empty for every entry on this page.

1. CVE-2021-38985 | CWE-20 | published 2021-11-12, updated 2021-11-16
   CVSS v2 4.0: None / Remote / Low / Single system / None / Partial / None
   IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data but does not validate, or incorrectly validates, that the input has the properties required to process it safely and correctly.

2. CVE-2021-38973 | CWE-20 | published 2021-11-12, updated 2021-11-16
   CVSS v2 4.0: None / Remote / Low / Single system / None / Partial / None
   IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data but does not validate, or incorrectly validates, that the input has the properties required to process it safely and correctly.

3. CVE-2021-38972 | CWE-20 | published 2021-11-12, updated 2021-11-16
   CVSS v2 4.0: None / Remote / Low / Single system / None / Partial / None
   IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data but does not validate, or incorrectly validates, that the input has the properties required to process it safely and correctly.

4. CVE-2021-38967 | CWE-94 | Exec Code | published 2021-11-30, updated 2021-11-30
   CVSS v2 4.6: None / Local / Low / Not required / Partial / Partial / Partial
   IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441.

5. CVE-2021-38915 | CWE-312 | published 2021-10-12, updated 2021-10-18
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Data Risk Manager 2.0.6 stores user credentials in clear text, which can be read by an authenticated user. IBM X-Force ID: 209947.

6. CVE-2021-38887 | CWE-200 | +Info | published 2021-11-10, updated 2021-11-12
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application responses that could be used in further attacks against the system. IBM X-Force ID: 209401.

7. CVE-2021-38875 | CWE not assigned | DoS | published 2021-11-23, updated 2021-11-24
   CVSS v2 4.0: None / Remote / Low / Single system / None / None / Partial
   IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398.

8. CVE-2021-29883 | CWE-863 | published 2021-10-21, updated 2021-10-26
   CVSS v2 4.3: None / Remote / Medium / Not required / Partial / None / None
   IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the Secure attribute on authorization tokens or session cookies. An attacker may be able to obtain the cookie values by sending an http:// link to a user, or by planting such a link on a site the user visits: the browser sends the cookie to the insecure link, and the attacker recovers its value by sniffing the traffic. IBM X-Force ID: 207090.

9. CVE-2021-29880 | CWE-668 | published 2021-08-13, updated 2021-08-27
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM QRadar SIEM 7.4.3 GA through 7.4.3 Fix Pack 1, when using domains or multi-tenancy, could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain. IBM X-Force ID: 206979.

10. CVE-2021-29862 | CWE not assigned | DoS | published 2021-08-26, updated 2021-09-07
   CVSS v2 4.9: None / Local / Low / Not required / None / None / Complete
   IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086.

11. CVE-2021-29856 | CWE not assigned | DoS | published 2021-09-20, updated 2021-09-28
   CVSS v2 4.0: None / Remote / Low / Single system / None / None / Partial
   IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated user to cause a denial of service through the WebGUI Map Creation page. IBM X-Force ID: 205685.

12. CVE-2021-29853 | CWE-252 | published 2021-09-01, updated 2021-09-09
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Planning Analytics 2.0 could expose information that could be used to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.

13. CVE-2021-29851 | CWE not assigned | +Info | published 2021-09-01, updated 2021-09-09
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527.

14. CVE-2021-29843 | CWE not assigned | DoS | published 2021-11-08, updated 2021-11-10
   CVSS v2 4.0: None / Remote / Low / Single system / None / None / Partial
   IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2 CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.

15. CVE-2021-29835 | CWE-79 | XSS | published 2021-10-22, updated 2021-10-25
   CVSS v2 4.3: None / Remote / Medium / Not required / None / Partial / None
   IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204833.

16. CVE-2021-29811 | CWE-522 | published 2021-09-20, updated 2021-09-28
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 store user credentials in clear text, which can be read by an authenticated admin user. IBM X-Force ID: 204329.

17. CVE-2021-29795 | CWE-74 | published 2021-09-21, updated 2021-09-29
   CVSS v2 4.9: None / Local / Low / Not required / None / None / Complete
   IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557.

18. CVE-2021-29786 | CWE-312 | published 2021-10-27, updated 2021-11-01
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Jazz Team Server products store user credentials in clear text, which can be read by an authenticated user. IBM X-Force ID: 203172.

19. CVE-2021-29775 | CWE-79 | XSS | published 2021-06-28, updated 2021-07-02
   CVSS v2 4.3: None / Remote / Medium / Not required / None / Partial / None
   IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203029.

20. CVE-2021-29761 | CWE-200 | +Info | published 2021-10-06, updated 2021-10-08
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265.

21. CVE-2021-29760 | CWE-863 | published 2021-10-06, updated 2021-10-08
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213.

22. CVE-2021-29758 | CWE-287 | published 2021-10-06, updated 2021-10-08
   CVSS v2 4.0: None / Remote / Low / Single system / None / Partial / None
   IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions they should not have access to, due to improper access controls. IBM X-Force ID: 202169.

23. CVE-2021-29753 | CWE-319 | published 2021-11-05, updated 2021-11-09
   CVSS v2 4.3: None / Remote / Medium / Not required / Partial / None / None
   IBM Business Automation Workflow 18, 19, 20, and 21 and IBM Business Process Manager 8.5 and 8.6 transmit or store authentication credentials using an insecure method that is susceptible to unauthorized interception and/or retrieval.

24. CVE-2021-29739 | CWE-252 | +Info | published 2021-08-10, updated 2021-08-17
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 198846.

25. CVE-2021-29727 | CWE not assigned | DoS | published 2021-08-26, updated 2021-09-13
   CVSS v2 4.9: None / Local / Low / Not required / None / None / Complete
   IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106.

26. CVE-2021-29714 | CWE-20 | DoS | published 2021-08-09, updated 2021-08-16
   CVSS v2 4.0: None / Remote / Low / Single system / None / None / Partial
   IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968.

27. CVE-2021-29711 | CWE-732 | published 2021-07-08, updated 2021-07-15
   CVSS v2 4.0: None / Remote / Low / Single system / None / Partial / None
   IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8, 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965.

28. CVE-2021-29708 | CWE-269 | published 2021-05-25, updated 2021-06-01
   CVSS v2 4.6: None / Local / Low / Not required / Partial / Partial / Partial
   IBM Spectrum Scale 5.1.0.1 could allow a local user with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. IBM X-Force ID: 200883.

29. CVE-2021-29700 | CWE-200 | +Info | published 2021-10-07, updated 2021-10-15
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.

30. CVE-2021-29697 | CWE not assigned | +Info | published 2021-08-02, updated 2021-08-10
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system.

31. CVE-2021-29665 | CWE-787 | Exec Code, Overflow | published 2021-06-01, updated 2021-06-07
   CVSS v2 4.6: None / Local / Low / Not required / Partial / Partial / Partial
   IBM Security Verify Access 20.07 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow a local attacker to execute arbitrary code on the system with elevated privileges.

32. CVE-2021-20583 | CWE-20 | published 2021-06-25, updated 2021-06-30
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation. IBM X-Force ID: 199396.

33. CVE-2021-20580 | CWE-352 | CSRF | published 2021-06-29, updated 2021-06-30
   CVSS v2 4.3: None / Remote / Medium / Not required / None / Partial / None
   IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF), which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.

34. CVE-2021-20577 | CWE-79 | XSS | published 2021-05-10, updated 2021-05-14
   CVSS v2 4.3: None / Remote / Medium / Not required / None / Partial / None
   IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199281.

35. CVE-2021-20564 | CWE-200 | +Info | published 2021-05-14, updated 2021-05-20
   CVSS v2 4.3: None / Remote / Medium / Not required / Partial / None / None
   IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 199235.

36. CVE-2021-20563 | CWE-200 | +Info | published 2021-09-23, updated 2021-09-29
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenticated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid file path on the server, which could be used in further attacks against the system. IBM X-Force ID: 199234.

37. CVE-2021-20561 | CWE-79 | XSS | published 2021-10-07, updated 2021-10-15
   CVSS v2 4.3: None / Remote / Medium / Not required / None / Partial / None
   IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230.

38. CVE-2021-20554 | CWE-79 | XSS | published 2021-09-30, updated 2021-10-01
   CVSS v2 4.3: None / Remote / Medium / Not required / None / Partial / None
   IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179.

39. CVE-2021-20519 | CWE-79 | XSS | published 2021-04-12, updated 2021-04-13
   CVSS v2 4.3: None / Remote / Medium / Not required / None / Partial / None
   IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.

40. CVE-2021-20494 | CWE-787 | Overflow | published 2021-06-28, updated 2021-06-29
   CVSS v2 4.0: None / Remote / Low / Single system / None / None / Partial
   IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow caused by improper bounds checking. An authenticated user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882.

41. CVE-2021-20485 | CWE-209 | +Info | published 2021-09-23, updated 2021-09-29
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667.

42. CVE-2021-20481 | CWE-79 | XSS | published 2021-10-07, updated 2021-10-16
   CVSS v2 4.3: None / Remote / Medium / Not required / None / Partial / None
   IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503.

43. CVE-2021-20473 | CWE-613 | published 2021-10-07, updated 2021-10-16
   CVSS v2 4.0: None / Remote / Low / Single system / None / Partial / None
   IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944.

44. CVE-2021-20461 | CWE-863 | Bypass | published 2021-06-30, updated 2021-09-20
   CVSS v2 4.0: None / Remote / Low / Single system / None / Partial / None
   IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770.

45. CVE-2021-20440 | CWE not assigned | published 2021-03-15, updated 2021-03-17
   CVSS v2 4.0: None / Remote / Low / Single system / None / Partial / None
   IBM API Connect 10.0.0.0 and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recipient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider organization. IBM X-Force ID: 196536.

46. CVE-2021-20424 | CWE-209 | +Info | published 2021-07-13, updated 2021-07-14
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196309.

47. CVE-2021-20417 | CWE-209 | +Info | published 2021-07-07, updated 2021-07-09
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219.

48. CVE-2021-20414 | CWE not assigned | published 2021-07-12, updated 2021-07-14
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to brute-force sensitive information because it does not properly limit the number of interactions. IBM X-Force ID: 196216.

49. CVE-2021-20402 | CWE-209 | +Info | published 2021-02-11, updated 2021-02-12
   CVSS v2 4.0: None / Remote / Low / Single system / Partial / None / None
   IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196076.

50. CVE-2021-20392 | CWE-79 | XSS | published 2021-05-14, updated 2021-05-20
   CVSS v2 4.3: None / Remote / Medium / Not required / None / Partial / None
   IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
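The Score column on this page is a CVSS v2 base score computed from the six metric columns that follow it (Gained Access Level is cvedetails' own column and is not a CVSS input). The calculator below is an added example, not code from cvedetails.com or IBM; it implements the CVSS v2.0 base equation with its published constants, labels the metrics with the names this page uses, and reproduces the four score profiles that occur on this page. It also shows that for the 4.0 rows (Remote, Low complexity, a single Partial impact) only single-system authentication is consistent with the listed score. The CVE IDs in PAGE_PROFILES are taken from this page as one representative row per profile.

```python
"""CVSS v2 base-score calculator (added example, not cvedetails.com code).

Reproduces the Score column on this page from the metric columns using the
CVSS v2.0 base equation and its published constants.
"""

# Metric weights from the CVSS v2.0 specification, keyed by the labels
# cvedetails prints in its Access / Complexity / Authentication / C / I / A columns.
ACCESS_VECTOR = {"Local": 0.395, "Adjacent Network": 0.646, "Remote": 1.0}
ACCESS_COMPLEXITY = {"High": 0.35, "Medium": 0.61, "Low": 0.71}
AUTHENTICATION = {"Multiple systems": 0.45, "Single system": 0.56, "Not required": 0.704}
IMPACT = {"None": 0.0, "Partial": 0.275, "Complete": 0.660}


def cvss2_base_score(access, complexity, authentication, conf, integ, avail):
    """Return the CVSS v2 base score rounded to one decimal, as the spec requires."""
    impact = 10.41 * (1 - (1 - IMPACT[conf]) * (1 - IMPACT[integ]) * (1 - IMPACT[avail]))
    exploitability = (20 * ACCESS_VECTOR[access]
                      * ACCESS_COMPLEXITY[complexity]
                      * AUTHENTICATION[authentication])
    f_impact = 0 if impact == 0 else 1.176   # f(Impact): zero impact scores zero
    return round(((0.6 * impact) + (0.4 * exploitability) - 1.5) * f_impact, 1)


def authentication_values_for_score(access, complexity, conf, integ, avail, score):
    """List the Authentication values that yield `score` for the other five metrics.

    Useful when the Authentication column is unreadable but the score is known:
    the score pins the metric down whenever exactly one value is returned.
    """
    return [a for a in AUTHENTICATION
            if cvss2_base_score(access, complexity, a, conf, integ, avail) == score]


# The four metric profiles that occur on this page, in cvedetails column order
# (Access, Complexity, Authentication, Conf., Integ., Avail.); one CVE per profile.
PAGE_PROFILES = {
    "CVE-2021-38985": ("Remote", "Low", "Single system", "None", "Partial", "None"),      # 4.0
    "CVE-2021-29883": ("Remote", "Medium", "Not required", "Partial", "None", "None"),    # 4.3
    "CVE-2021-38967": ("Local", "Low", "Not required", "Partial", "Partial", "Partial"),  # 4.6
    "CVE-2021-29862": ("Local", "Low", "Not required", "None", "None", "Complete"),       # 4.9
}

if __name__ == "__main__":
    for cve, profile in PAGE_PROFILES.items():
        print(cve, cvss2_base_score(*profile))
    # Which Authentication value is consistent with a 4.0 score for the
    # Remote / Low / one-Partial-impact rows on this page?
    print(authentication_values_for_score("Remote", "Low", "None", "Partial", "None", 4.0))
```

Every 4.0 row on this page (Remote, Low, one Partial impact) requires Authentication = Single system: "Not required" would score 5.0 and "Multiple systems" 3.3 with the same impact, which is why those rows describe an "authenticated user". Note that CVSS v2 is what cvedetails shows here; the same findings carry different CVSS v3 vectors in IBM's own advisories.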
Total number of vulnerabilities: 1441 (this is page 1 of 29, 50 entries per page).
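Two entries above describe transport-level weaknesses that can be confirmed from a single HTTP response: CVE-2021-29883 (session cookies and authorization tokens issued without the Secure attribute, so a browser following an http:// link sends them in the clear) and CVE-2021-20564 (HTTP Strict Transport Security not enabled, leaving users open to man-in-the-middle downgrade). The audit below is an added example, not code from cvedetails.com or IBM, and does not target any product listed on this page; it parses a raw HTTP response and flags both conditions, plus a missing HttpOnly attribute since the same Set-Cookie line carries it. The two sample responses are constructed for the example, the cookie and host names in them are hypothetical, and the one-year HSTS max-age threshold is a check chosen here, not a value from this page.

```python
"""Audit an HTTP response for the cookie/HSTS weaknesses described above
(added example; not code from cvedetails.com or IBM)."""

import re

# One year in seconds: the max-age threshold applied by this check (chosen here).
MIN_HSTS_MAX_AGE = 31536000


def parse_headers(raw_response: str):
    """Split a raw HTTP/1.1 response into (status_line, [(name, value), ...]).

    Only the header block before the first blank line is parsed; header names
    are lower-cased so lookups are case-insensitive, as HTTP requires.
    """
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def audit_response(raw_response: str, over_tls: bool = True):
    """Return a list of findings; an empty list means nothing was flagged.

    over_tls=False skips the HSTS check: browsers ignore Strict-Transport-Security
    on plain-HTTP responses, so its absence there is not a finding.
    """
    _, headers = parse_headers(raw_response)
    findings = []

    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        # Attributes follow the first ';' (Path, Secure, HttpOnly, SameSite, ...).
        attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name!r} lacks Secure: "
                            "the browser will send it on any http:// link to this host")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name!r} lacks HttpOnly: "
                            "readable by script injected into the page")

    if over_tls:
        hsts = [v for n, v in headers if n == "strict-transport-security"]
        if not hsts:
            findings.append("no Strict-Transport-Security header: "
                            "http:// navigations to this host are not upgraded")
        else:
            m = re.search(r"max-age=(\d+)", hsts[0], re.IGNORECASE)
            if not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
                findings.append(f"HSTS max-age below one year: {hsts[0]!r}")
    return findings


# Constructed sample responses (hypothetical cookie name and host, not captured traffic).
SAMPLE_WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "\r\n"
    "<html>...</html>"
)

SAMPLE_FIXED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
    "<html>...</html>"
)

if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("fixed", SAMPLE_FIXED)):
        print(label, audit_response(sample) or ["ok"])
```

The Secure attribute and HSTS address different halves of the same exposure: Secure stops the cookie from leaving on an http:// request, while HSTS stops the browser from making that request at all once it has seen the header. A fix that sets only one of them still leaves the case described under CVE-2021-29883 (a planted http:// link) or the first-visit downgrade under CVE-2021-20564 open.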