Skip to main content

IBM

5614 CVEs vendor

Monthly

CVE-2021-29812 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29810 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-38864 HIGH PATCH This Week

IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Bridge
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-38863 MEDIUM PATCH This Month

IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Verify Bridge
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29800 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20563 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenciated user to obtain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20485 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-20484 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling File Gateway
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20435 MEDIUM PATCH This Month

IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Security Verify Bridge
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-20434 MEDIUM PATCH This Month

IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Verify Bridge
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-20377 LOW PATCH Monitor

IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
2.7
EPSS
0.9%
CVE-2021-29831 HIGH PATCH This Week

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Jazz For Service Management Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-29795 MEDIUM PATCH This Month

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

IBM Denial Of Service Powervm Hypervisor
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2021-38899 MEDIUM PATCH This Month

IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Cloud Pak For Data
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-29856 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre to cause a denial of service through the WebGUI Map Creation page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-29821 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29820 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29819 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29818 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29817 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29811 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in plain clear text which can be read by an authenticated admin user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2021-29809 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29808 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29807 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29806 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29842 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-29825 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Microsoft Information Disclosure Db2
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-29763 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

IBM Microsoft Denial Of Service Db2
NVD
CVSS 3.1
5.1
EPSS
0.3%
CVE-2021-29752 MEDIUM This Month

IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Db2
NVD
CVSS 3.1
4.4
EPSS
1.1%
CVE-2021-29773 MEDIUM PATCH This Month

IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Guardium
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-29750 HIGH PATCH This Week

IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-20433 MEDIUM This Month

IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-29841 MEDIUM This Month

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Financial Transaction Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20582 MEDIUM This Month

IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20569 MEDIUM This Month

IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20508 MEDIUM This Month

IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-29853 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-29852 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Planning Analytics
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29851 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-29907 HIGH PATCH This Week

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload RCE Openpages With Watson
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-29743 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Application Suite Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29728 MEDIUM PATCH This Month

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Sterling External Authentication Server Sterling Secure Proxy
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2021-29723 HIGH PATCH This Week

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling External Authentication Server Sterling Secure Proxy
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-29722 HIGH PATCH This Week

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling External Authentication Server Sterling Secure Proxy
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-29744 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Application Suite Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29862 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29801 HIGH PATCH This Week

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-29772 CRITICAL PATCH Act Now

IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

IBM RCE Code Injection Api Connect
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-29727 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29715 CRITICAL PATCH Act Now

IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of serivce attacks due to open ports. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2021-29802 HIGH This Week

IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-29704 HIGH This Week

IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-29880 MEDIUM PATCH This Month

IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20509 CRITICAL Act Now

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Code Injection Maximo Asset Management
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-20427 HIGH This Week

IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-20420 MEDIUM This Month

IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20418 CRITICAL Act Now

IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Brute Force Security Guardium
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-29739 MEDIUM This Month

IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Planning Analytics Local
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-29714 MEDIUM This Month

IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Content Navigator
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-20349 MEDIUM This Month

IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption Tivoli Workload Scheduler
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2021-29765 HIGH This Week

IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Powervm
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29697 MEDIUM This Month

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2021-29696 HIGH This Week

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-20541 MEDIUM PATCH This Month

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20540 MEDIUM PATCH This Month

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20539 MEDIUM PATCH This Month

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-29757 HIGH PATCH This Week

IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Qradar User Behavior Analytics
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-29741 HIGH PATCH This Week

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-29781 CRITICAL PATCH Act Now

IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization IBM RCE Partner Engagement Manager
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-29736 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-20505 MEDIUM This Month

The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Microsoft Information Disclosure Powervm Hypervisor
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2021-20562 MEDIUM POC PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-20399 CRITICAL PATCH Act Now

IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Qradar Security Information And Event Manager
NVD
CVSS 3.1
9.1
EPSS
1.8%
CVE-2021-29784 MEDIUM PATCH This Month

IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure I2 Analyze
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-29770 MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass I2 Analyze
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-29769 MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Analyze
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-29767 MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Analysts Notebook
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-29766 MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Analyze
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-20560 MEDIUM PATCH This Month

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Sterling Connect Direct User Interface
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20431 MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Analysts Notebook
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20430 MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Analyze
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-20337 HIGH PATCH This Week

IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-20478 LOW PATCH Monitor

IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Cloud Pak System
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-29780 MEDIUM This Month

IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2021-29707 HIGH This Week

IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Hardware Management Console
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-20507 MEDIUM This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Engineering Lifecycle Optimization Engineering Requirements Quality Assistant On Premises Engineering Workflow Management +4
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29742 HIGH PATCH This Week

IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2021-29699 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Docker IBM File Upload Security Verify Access
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2021-20537 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Docker IBM Authentication Bypass Security Verify Access
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-20534 LOW PATCH Monitor

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Open Redirect Security Verify Access
NVD
CVSS 3.1
3.5
EPSS
0.5%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Bridge
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Verify Bridge
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenciated user to obtain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling File Gateway
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Security Verify Bridge
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Verify Bridge
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Jazz For Service Management +1
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

IBM Denial Of Service Powervm Hypervisor
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Cloud Pak For Data
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre to cause a denial of service through the WebGUI Map Creation page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Tivoli Netcool Omnibus Webgui
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in plain clear text which can be read by an authenticated admin user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Tivoli Netcool Omnibus Webgui
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Websphere Application Server
NVD
EPSS 2% CVSS 7.5
HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

IBM Microsoft Denial Of Service +1
NVD
EPSS 1% CVSS 4.4
MEDIUM This Month

IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Db2
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Guardium
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Financial Transaction Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Planning Analytics
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload RCE +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Application Suite +1
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Sterling External Authentication Server +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling External Authentication Server +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling External Authentication Server +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Application Suite +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Vios +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Vios +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

IBM RCE Code Injection +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Vios +1
NVD
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of serivce attacks due to open ports. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Resilient Security Orchestration Automation And Response
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Resilient Security Orchestration Automation And Response
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Code Injection Maximo Asset Management
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Brute Force +1
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Planning Analytics Local
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Content Navigator
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Powervm
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security
NVD
EPSS 3% CVSS 7.2
HIGH This Week

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cloud Pak For Security
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cloud Pak For Security
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cloud Pak For Security
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Qradar User Behavior Analytics
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Vios +1
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization IBM RCE +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Application Server
NVD
EPSS 1% CVSS 4.4
MEDIUM This Month

The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

IBM XSS Sterling B2b Integrator
NVD
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure I2 Analyze
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass I2 Analyze
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Analyze
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Analysts Notebook
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Analyze
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Sterling Connect Direct User Interface
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Analysts Notebook
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Analyze
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Cloud Pak System
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Resilient Security Orchestration Automation And Response
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Hardware Management Console
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Engineering Lifecycle Optimization +6
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Docker IBM Information Disclosure +1
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Docker IBM File Upload +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Docker IBM Authentication Bypass +1
NVD
EPSS 1% CVSS 3.5
LOW PATCH Monitor

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Open Redirect +1
NVD
Prev Page 22 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy