Skip to main content

IBM

5614 CVEs vendor

Monthly

CVE-2021-38980 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-38891 HIGH PATCH This Week

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling Connect
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-38890 HIGH PATCH This Week

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling Connect
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-38875 MEDIUM PATCH This Month

IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Mq
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-37939 npm LOW PATCH Monitor

It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic IBM Atlassian Information Disclosure Kibana
NVD
CVSS 3.1
2.7
EPSS
0.4%
CVE-2021-38959 MEDIUM This Month

IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Microsoft Memory Corruption Denial Of Service +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29861 MEDIUM This Month

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Vios Aix
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2021-29860 MEDIUM This Month

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Vios Aix
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2021-38949 MEDIUM PATCH This Month

IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Mq Websphere Mq
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-38882 MEDIUM PATCH This Month

IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-38984 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-38983 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-38982 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-38981 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-38979 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-38978 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2021-38977 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-38976 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-38975 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-38974 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-3723 HIGH This Week

A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection System X3550 M3 Firmware System X3650 M3 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-38985 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-38973 LOW PATCH Monitor

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
2.7
EPSS
0.6%
CVE-2021-38972 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-38887 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-29843 MEDIUM This Month

IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-29735 MEDIUM This Month

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Security Guardium
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29753 MEDIUM This Month

IBM Business Automation Workflow 18. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-38948 CRITICAL PATCH Act Now

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM XXE Infosphere Information Server
NVD
CVSS 3.1
9.1
EPSS
2.0%
CVE-2021-29888 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-29875 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29771 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29738 MEDIUM PATCH This Month

IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29737 HIGH PATCH This Week

IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-29868 MEDIUM PATCH This Month

IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure I2 Ibase
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29844 HIGH PATCH This Week

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Engineering Lifecycle Optimization Engineering Requirements Quality Assistant On Premises Engineering Workflow Management +4
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-29786 MEDIUM PATCH This Month

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Engineering Lifecycle Optimization Engineering Workflow Management Rational Collaborative Lifecycle Management +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-29774 HIGH PATCH This Week

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

IBM Information Disclosure Engineering Lifecycle Optimization Engineering Workflow Management Rational Collaborative Lifecycle Management +3
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-29713 MEDIUM PATCH This Month

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Lifecycle Optimization Rational Collaborative Lifecycle Management Rational Doors Next Generation +2
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29673 MEDIUM PATCH This Month

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Lifecycle Optimization Engineering Workflow Management Rational Collaborative Lifecycle Management +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20526 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-29835 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-29883 MEDIUM PATCH This Month

IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Transformation Extender Advanced
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-29873 HIGH PATCH This Week

IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Spectrum Virtualize Spectrum Virtualize For Public Cloud Storwize V3500 Software +7
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2021-38896 MEDIUM PATCH This Month

IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Qradar Advisor
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-38911 MEDIUM PATCH This Month

IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Risk Manager On Cp4S
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-29912 MEDIUM PATCH This Month

IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Risk Manager On Cp4S
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29878 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29745 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29679 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

IBM RCE Code Injection Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-38915 MEDIUM This Month

IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-38862 HIGH This Week

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-29906 MEDIUM This Month

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure App Connect Enterprise Certified Container
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29700 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-20584 HIGH PATCH This Week

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-20571 MEDIUM PATCH This Month

IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-20561 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20552 MEDIUM PATCH This Month

IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-20489 HIGH PATCH This Week

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling File Gateway
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-20481 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling File Gateway
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20473 MEDIUM PATCH This Month

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-20376 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20375 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-20372 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-38923 CRITICAL Act Now

IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Powervm Hypervisor Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-29908 CRITICAL Act Now

The IBM TS7700 Management Interface is vulnerable to unauthenticated access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Ts7700 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-38925 HIGH PATCH This Week

IBM Sterling B2B Integrator Standard Edition 5.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-29903 CRITICAL PATCH Act Now

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM SQLi Sterling B2b Integrator
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-29855 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29837 HIGH PATCH This Week

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling B2b Integrator
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-29836 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29798 CRITICAL PATCH Act Now

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM SQLi Sterling B2b Integrator
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-29764 MEDIUM PATCH This Month

IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29761 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-29760 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-29758 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-29894 HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-20578 CRITICAL PATCH Act Now

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Cloud Pak For Security
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-20554 MEDIUM PATCH This Month

IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling Order Management
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-29834 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-38877 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-38870 MEDIUM This Month

IBM Aspera Cloud is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera On Cloud
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29905 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29904 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Jazz For Service Management
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29833 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29832 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29816 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Jazz For Service Management
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-29815 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29814 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29813 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling Connect
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling Connect
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Mq
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic IBM Atlassian +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Microsoft +3
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Vios +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Vios +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Mq +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Security Guardium Key Lifecycle Manager +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection System X3550 M3 Firmware +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Mq Appliance
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Security Guardium
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

IBM Business Automation Workflow 18. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow +1
NVD
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM XXE Infosphere Information Server
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Infosphere Information Server
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure I2 Ibase
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Engineering Lifecycle Optimization +6
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Engineering Lifecycle Optimization +5
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

IBM Information Disclosure Engineering Lifecycle Optimization +5
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Lifecycle Optimization +4
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Lifecycle Optimization +5
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Planning Analytics
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Transformation Extender Advanced
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Spectrum Virtualize +9
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Qradar Advisor
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Risk Manager On Cp4S
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Risk Manager On Cp4S
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Cognos Analytics +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

IBM RCE Code Injection +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Data Risk Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Data Risk Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure App Connect Enterprise Certified Container
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling B2b Integrator
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling B2b Integrator
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling File Gateway
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling File Gateway
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Powervm Hypervisor Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The IBM TS7700 Management Interface is vulnerable to unauthenticated access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Ts7700 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Sterling B2B Integrator Standard Edition 5.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM SQLi Sterling B2b Integrator
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling B2b Integrator
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling B2b Integrator
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling B2b Integrator
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM SQLi Sterling B2b Integrator
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling B2b Integrator
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Sterling B2b Integrator
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cloud Pak For Security
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Cloud Pak For Security
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling Order Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Cloud is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera On Cloud
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
Prev Page 21 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy