CVEdetails.com the ultimate security vulnerability data source

IBM : Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
(empty fields are shown as "-"; each row is followed by its description)

1 | CVE-2021-29844 | 918 | - | - | 2021-10-27 | 2021-11-02 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Jazz Team Server products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

2 | CVE-2021-29837 | 352 | - | CSRF | 2021-10-06 | 2021-10-14 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913.

3 | CVE-2021-29792 | 269 | - | +Priv | 2021-07-12 | 2021-07-14 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user with the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. IBM X-Force ID: 203450.

4 | CVE-2021-29780 | 20 | - | - | 2021-07-19 | 2021-07-26 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. IBM X-Force ID: 203085.

5 | CVE-2021-29774 | 269 | - | - | 2021-10-27 | 2021-10-29 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.

6 | CVE-2021-29757 | 352 | - | CSRF | 2021-08-02 | 2021-08-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202168.

7 | CVE-2021-29745 | 269 | - | - | 2021-10-15 | 2021-11-17 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to privilege escalation where a lower-level user could have access to the 'New Job' page to which they should not have access. IBM X-Force ID: 201695.

8 | CVE-2021-29730 | 89 | - | Sql | 2021-07-09 | 2021-07-15 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164.

9 | CVE-2021-29715 | 668 | - | +Info | 2021-08-26 | 2021-09-01 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information or conduct denial of service attacks due to open ports. IBM X-Force ID: 201018.

10 | CVE-2021-29679 | 94 | - | Exec Code | 2021-10-15 | 2021-11-17 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. IBM X-Force ID: 199915.

11 | CVE-2021-20574 | 74 | - | - | 2021-06-28 | 2021-07-07 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and take over other accounts. IBM X-Force ID: 199252.

12 | CVE-2021-20538 | 863 | - | +Info | 2021-05-10 | 2021-05-14 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919.

13 | CVE-2021-20527 | 77 | - | - | 2021-04-19 | 2021-04-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another user. IBM X-Force ID: 198759.

14 | CVE-2021-20517 | 22 | - | Dir. Trav. | 2021-06-07 | 2021-06-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read and delete arbitrary files on the system. IBM X-Force ID: 198435.

15 | CVE-2021-20501 | 400 | - | - | 2021-04-21 | 2021-04-23 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial
IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. An attacker could exploit this vulnerability to consume unnecessary network bandwidth and disk space, and allow remote attackers to send spam email. IBM X-Force ID: 198056.

16 | CVE-2021-20492 | 611 | - | - | 2021-05-26 | 2021-06-04 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793.

17 | CVE-2021-20489 | 352 | - | CSRF | 2021-10-07 | 2021-10-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790.

18 | CVE-2021-20454 | 611 | - | - | 2021-04-21 | 2021-04-23 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649.

19 | CVE-2021-20453 | 776 | - | - | 2021-04-20 | 2021-04-23 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196648.

20 | CVE-2021-20423 | 732 | - | - | 2021-07-13 | 2021-07-14 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Cloud Pak for Applications 4.3 could allow an authenticated user to gain escalated privileges due to improper application permissions. IBM X-Force ID: 196308.

21 | CVE-2021-20403 | 352 | - | CSRF | 2021-02-11 | 2021-02-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

22 | CVE-2021-20378 | 613 | - | - | 2021-07-07 | 2021-07-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709.

23 | CVE-2021-20353 | 611 | - | - | 2021-02-10 | 2021-02-11 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882.

24 | CVE-2020-5003 | 611 | - | - | 2021-06-11 | 2021-06-21 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956.

25 | CVE-2020-4990 | 89 | - | Sql | 2021-05-24 | 2021-05-25 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 192710.

26 | CVE-2020-4974 | 918 | - | - | 2021-07-28 | 2021-08-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Jazz Foundation products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.

27 | CVE-2020-4942 | 352 | - | CSRF | 2021-01-04 | 2021-01-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942.

28 | CVE-2020-4938 | 352 | - | CSRF | 2021-07-12 | 2021-07-14 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815.

29 | CVE-2020-4917 | 352 | - | CSRF | 2021-01-04 | 2021-01-05 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.

30 | CVE-2020-4912 | 269 | - | - | 2021-01-04 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.

31 | CVE-2020-4903 | - | - | +Info | 2021-03-08 | 2021-03-12 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.

32 | CVE-2020-4901 | - | - | DoS +Info | 2021-05-07 | 2021-05-11 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992.

33 | CVE-2020-4899 | 319 | - | +Info | 2021-01-05 | 2021-01-07 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain-text transmission of sensitive information across the network. IBM X-Force ID: 190990.

34 | CVE-2020-4896 | 444 | - | - | 2021-01-07 | 2021-07-21 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation when HTTP request headers are modified. IBM X-Force ID: 190987.

35 | CVE-2020-4828 | 20 | - | - | 2021-02-04 | 2021-02-04 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation when HTTP request headers are modified. IBM X-Force ID: 189842.

36 | CVE-2020-4821 | 287 | - | Bypass | 2021-07-16 | 2021-07-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834.

37 | CVE-2020-4795 | 200 | - | +Info | 2021-02-09 | 2021-07-21 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446.

38 | CVE-2020-4703 | 434 | - | Exec Code | 2020-09-15 | 2020-09-16 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188.

39 | CVE-2020-4700 | - | - | - | 2020-11-16 | 2020-11-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077.

40 | CVE-2020-4685 | 269 | - | +Priv | 2020-11-11 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
A low-level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625.

41 | CVE-2020-4670 | 287 | - | Bypass | 2021-05-17 | 2021-05-24 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401.

42 | CVE-2020-4669 | 862 | - | - | 2021-05-17 | 2021-05-24 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600.

43 | CVE-2020-4662 | 287 | - | - | 2020-08-14 | 2020-08-14 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks on a schema due to improper authentication validation. IBM X-Force ID: 186233.

44 | CVE-2020-4655 | 89 | - | Sql | 2020-11-16 | 2020-11-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091.

45 | CVE-2020-4647 | 89 | - | Sql | 2020-11-16 | 2020-11-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

46 | CVE-2020-4638 | 269 | - | - | 2020-09-03 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508.

47 | CVE-2020-4621 | 863 | - | - | 2020-09-22 | 2020-09-22 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981.

48 | CVE-2020-4611 | 732 | - | Bypass | 2020-09-22 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922.

49 | CVE-2020-4603 | 269 | - | - | 2020-08-27 | 2020-08-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880.

50 | CVE-2020-4569 | 668 | - | Bypass | 2020-07-29 | 2020-07-29 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 184158.
Total number of vulnerabilities: 600 (page 1 of 12)