CVEdetails.com the ultimate security vulnerability data source

IBM : Security Vulnerabilities (CVSS score between 5 and 5.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
(empty cells are shown as -; each entry's description follows on the next line)
1 | CVE-2021-38984 | 326 | - | - | 2021-11-15 | 2021-11-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793.
2 | CVE-2021-38925 | 326 | - | - | 2021-10-06 | 2021-10-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171.
3 | CVE-2021-38864 | 295 | - | +Info | 2021-09-23 | 2021-09-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155.
4 | CVE-2021-38862 | 326 | - | - | 2021-10-12 | 2021-10-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.
5 | CVE-2021-29875 | - | - | +Info | 2021-11-02 | 2021-11-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to an insecure third party domain access vulnerability. IBM X-Force ID: 206572.
6 | CVE-2021-29873 | 668 | - | DoS +Info | 2021-10-21 | 2021-10-26 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
7 | CVE-2021-29842 | 307 | - | - | 2021-09-16 | 2021-09-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.
8 | CVE-2021-29831 | 611 | - | - | 2021-09-21 | 2021-09-29 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775.
9 | CVE-2021-29802 | 269 | - | - | 2021-08-23 | 2021-08-26 | 5.0 | None | Remote | Low | Not required | None | Partial | None
IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
10 | CVE-2021-29794 | 326 | - | - | 2021-07-12 | 2021-07-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556.
11 | CVE-2021-29765 | 287 | - | +Info | 2021-08-04 | 2021-08-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476.
12 | CVE-2021-29749 | 918 | - | - | 2021-07-15 | 2021-07-31 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777.
13 | CVE-2021-29704 | 327 | - | - | 2021-08-23 | 2021-08-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
14 | CVE-2021-29676 | 74 | - | +Priv XSS | 2021-06-25 | 2021-06-30 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
15 | CVE-2021-20585 | 200 | - | +Info | 2021-06-01 | 2021-06-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398.
16 | CVE-2021-20584 | 434 | - | - | 2021-10-07 | 2021-10-15 | 5.0 | None | Remote | Low | Not required | None | Partial | None
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397.
17 | CVE-2021-20576 | - | - | - | 2021-06-01 | 2021-06-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial
IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash.
18 | CVE-2021-20565 | 20 | - | Bypass | 2021-05-14 | 2021-05-20 | 5.0 | None | Remote | Low | Not required | None | Partial | None
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 199236.
19 | CVE-2021-20541 | 863 | - | - | 2021-08-02 | 2021-08-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198927.
20 | CVE-2021-20540 | 863 | - | - | 2021-08-02 | 2021-08-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923.
21 | CVE-2021-20539 | 863 | - | - | 2021-08-02 | 2021-08-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198920.
22 | CVE-2021-20535 | 918 | - | - | 2021-05-13 | 2021-05-20 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198834.
23 | CVE-2021-20529 | 200 | - | +Info | 2021-05-19 | 2021-05-25 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763.
24 | CVE-2021-20526 | 732 | - | +Info | 2021-10-27 | 2021-10-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755.
25 | CVE-2021-20502 | 611 | - | - | 2021-03-30 | 2021-03-31 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial
IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.
26 | CVE-2021-20482 | 611 | - | - | 2021-03-30 | 2021-04-01 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial
IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197504.
27 | CVE-2021-20474 | 306 | - | - | 2021-07-07 | 2021-07-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
28 | CVE-2021-20439 | 522 | - | - | 2021-07-15 | 2021-07-31 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 store user credentials in clear text, which can be read by an unauthorized user.
29 | CVE-2021-20429 | 732 | - | - | 2021-05-14 | 2021-05-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due to an overly permissive cross-domain policy. IBM X-Force ID: 196334.
30 | CVE-2021-20422 | 200 | - | +Info | 2021-07-13 | 2021-07-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. IBM X-Force ID: 196304.
31 | CVE-2021-20416 | 668 | - | +Info | 2021-07-07 | 2021-07-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218.
32 | CVE-2021-20415 | 522 | - | - | 2021-07-07 | 2021-07-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217.
33 | CVE-2021-20413 | 209 | - | +Info | 2021-06-28 | 2021-06-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196212.
34 | CVE-2021-20405 | 116 | - | - | 2021-02-11 | 2021-02-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183.
35 | CVE-2021-20404 | - | - | DoS | 2021-02-11 | 2021-02-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins. IBM X-Force ID: 196078.
36 | CVE-2021-20393 | 209 | - | +Info | 2021-05-14 | 2021-05-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196001.
37 | CVE-2021-20380 | - | - | +Info | 2021-06-03 | 2021-06-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks against the system. IBM X-Force ID: 195712.
38 | CVE-2021-20379 | 327 | - | - | 2021-07-07 | 2021-07-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711.
39 | CVE-2021-20360 | 326 | - | - | 2021-07-13 | 2021-07-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195031.
40 | CVE-2021-20348 | 918 | - | - | 2021-06-02 | 2021-06-07 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194597.
41 | CVE-2021-20347 | 918 | - | - | 2021-06-02 | 2021-06-07 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194596.
42 | CVE-2021-20346 | 918 | - | - | 2021-06-02 | 2021-06-07 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595.
43 | CVE-2021-20345 | 918 | - | - | 2021-06-02 | 2021-06-07 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594.
44 | CVE-2021-20343 | 918 | - | - | 2021-06-02 | 2021-06-07 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593.
45 | CVE-2021-20341 | - | - | - | 2021-03-09 | 2021-03-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513.
46 | CVE-2020-10693 | 20 | - | Bypass | 2020-05-06 | 2021-07-14 | 5.0 | None | Remote | Low | Not required | None | Partial | None
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
47 | CVE-2020-5023 | 400 | - | - | 2021-02-10 | 2021-02-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data which could cause the service to crash due to excess resource consumption. IBM X-Force ID: 193659.
48 | CVE-2020-5008 | 922 | - | - | 2021-06-07 | 2021-06-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033.
49 | CVE-2020-4995 | 613 | - | +Info | 2021-02-09 | 2021-02-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate the session after logout, which could allow a user to obtain sensitive information from another user's session. IBM X-Force ID: 192912.
50 | CVE-2020-4985 | 200 | - | +Info | 2021-05-14 | 2021-05-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None
IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642.
Total number of vulnerabilities : 941   Page 1 of 19 (this page)