Skip to main content

IBM

5614 CVEs vendor

Monthly

CVE-2021-20533 HIGH PATCH This Week

IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2021-20524 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Docker IBM XSS Security Verify Access
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-20523 LOW PATCH Monitor

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
2.7
EPSS
1.0%
CVE-2021-20511 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Docker IBM Path Traversal Security Verify Access
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-20510 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2021-20500 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-20499 LOW PATCH Monitor

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
2.7
EPSS
1.0%
CVE-2021-20498 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20497 HIGH PATCH This Week

IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-20496 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Authentication Bypass Security Verify Access
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2021-29749 MEDIUM PATCH This Month

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Secure External Authentication Server Sterling Secure Proxy
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-29725 HIGH PATCH This Week

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

IBM Denial Of Service Secure External Authentication Server Sterling Secure Proxy
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2021-20439 HIGH PATCH This Week

IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Docker IBM Authentication Bypass Security Access Manager Security Verify Access
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-20424 MEDIUM This Month

IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Applications
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-20423 HIGH This Week

IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Cloud Pak For Applications
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-20422 HIGH This Week

IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Applications
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-20369 MEDIUM This Month

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Cloud Pak For Applications
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2021-20368 MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20366 MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20365 MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20364 MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20363 MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20362 MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20361 MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20360 HIGH This Week

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Applications
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-29822 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29805 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29804 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29803 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29794 HIGH PATCH This Week

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Tivoli Netcool Impact
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-29792 HIGH This Week

IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Event Streams
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2021-20414 MEDIUM This Month

IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-29730 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29712 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-29711 MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-29759 LOW PATCH Monitor

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

IBM Information Disclosure App Connect Enterprise Certified Container
NVD
CVSS 3.1
2.3
EPSS
0.3%
CVE-2021-20474 HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

IBM Authentication Bypass Guardium Data Encryption
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-20417 MEDIUM PATCH This Month

IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-20416 MEDIUM PATCH This Month

IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-20415 HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-20379 HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-20378 HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-20461 MEDIUM This Month

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-20580 MEDIUM This Month

IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Planning Analytics
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-20490 MEDIUM This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Privilege Escalation Spectrum Protect Plus
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-20477 MEDIUM This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29775 MEDIUM PATCH This Month

IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow Cloud Pak For Automation
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-29751 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-29693 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
4.4
EPSS
0.6%
CVE-2021-20574 HIGH PATCH This Week

IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Code Injection Security Identity Manager Adapter
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-20573 MEDIUM PATCH This Month

IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow IBM Memory Corruption Security Identity Manager Adapter
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-20572 MEDIUM PATCH This Month

IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow IBM Memory Corruption Security Identity Manager Adapter
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-20494 MEDIUM PATCH This Month

IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow IBM Memory Corruption Security Identity Manager Adapter
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-20413 MEDIUM PATCH This Month

IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-29677 MEDIUM PATCH This Month

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Hashicorp Security Verify
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29676 MEDIUM PATCH This Month

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Hashicorp Security Verify
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-20583 MEDIUM PATCH This Month

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation.. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Hashicorp Security Verify
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2021-29777 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Microsoft Information Disclosure Db2
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-29703 HIGH PATCH This Week

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Microsoft Denial Of Service Db2
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-20579 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Microsoft Information Disclosure Db2
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-29706 HIGH PATCH This Week

IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

IBM Denial Of Service Aix
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-29702 HIGH PATCH This Week

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Microsoft Denial Of Service Db2
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-20567 MEDIUM PATCH This Month

IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-20566 HIGH PATCH This Week

IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-20488 MEDIUM PATCH This Month

IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Microsoft Information Disclosure Security Identity Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20483 MEDIUM PATCH This Month

IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Information Disclosure Security Identity Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-29754 HIGH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Websphere Application Server
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-20396 LOW Monitor

IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Qradar Analyst Workflow
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-20517 HIGH PATCH This Week

IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Websphere Application Server Nd
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-20380 HIGH This Week

IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Qradar Advisor With Watson
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-29670 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29668 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20371 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-20348 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20347 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20346 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20345 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20343 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20338 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29740 HIGH This Week

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM RCE Spectrum Scale
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-29665 HIGH This Week

IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption RCE Security Verify Access
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-20585 MEDIUM This Month

IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-20576 HIGH PATCH This Week

IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Application Gateway Security Verify Access
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-20575 LOW PATCH Monitor

IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Application Gateway Security Verify Access
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2021-20492 HIGH PATCH This Week

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Java Websphere Application Server
NVD
CVSS 3.1
8.2
EPSS
2.1%
CVE-2021-20487 CRITICAL Act Now

IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Jwt Attack Power9 System Firmware Scale Out Lc System Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2021-20486 MEDIUM PATCH This Month

IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-29708 MEDIUM This Month

IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-29695 MEDIUM This Month

IBM Host firmware for LC-class Systems could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal 8335 Gca Firmware 8335 Gta Firmware 8335 Gtb Firmware
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2021-20557 HIGH PATCH This Week

IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Security Guardium
NVD
CVSS 3.1
7.2
EPSS
2.7%
EPSS 2% CVSS 7.2
HIGH PATCH This Week

IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Information Disclosure +1
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Docker IBM XSS +1
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Information Disclosure +1
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Docker IBM Path Traversal +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Docker IBM Information Disclosure +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Docker IBM Information Disclosure +1
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Information Disclosure +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker IBM Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker IBM Information Disclosure +1
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Authentication Bypass +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Secure External Authentication Server +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

IBM Denial Of Service Secure External Authentication Server +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Docker IBM Authentication Bypass +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Applications
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Cloud Pak For Applications
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Applications
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Cloud Pak For Applications
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Applications
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Tivoli Netcool Impact
NVD
EPSS 0% CVSS 7.2
HIGH This Week

IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Event Streams
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Guardium Data Encryption
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi Infosphere Information Server
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Urbancode Deploy
NVD
EPSS 0% CVSS 2.3
LOW PATCH Monitor

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

IBM Information Disclosure App Connect Enterprise Certified Container
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

IBM Authentication Bypass Guardium Data Encryption
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Guardium Data Encryption
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Analytics +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Planning Analytics
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Privilege Escalation +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Business Automation Workflow +1
NVD
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Denial Of Service Vios +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Code Injection Security Identity Manager Adapter
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow IBM Memory Corruption +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow IBM Memory Corruption +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow IBM Memory Corruption +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Guardium Data Encryption
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Hashicorp +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Hashicorp +1
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation.. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Hashicorp +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Microsoft Information Disclosure +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Microsoft Denial Of Service +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

IBM Denial Of Service Aix
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Microsoft Denial Of Service +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Resilient Security Orchestration Automation And Response
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Resilient Security Orchestration Automation And Response
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Websphere Application Server
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Qradar Analyst Workflow
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Websphere Application Server Nd
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Qradar Advisor With Watson
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management +8
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management +8
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management +8
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM RCE Spectrum Scale
NVD
EPSS 1% CVSS 7.8
HIGH This Week

IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Verify Access
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Application Gateway +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Application Gateway +1
NVD
EPSS 2% CVSS 8.2
HIGH PATCH This Week

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Java +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Jwt Attack +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Cloud Pak For Data
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Scale
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

IBM Host firmware for LC-class Systems could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal 8335 Gca Firmware +2
NVD
EPSS 3% CVSS 7.2
HIGH PATCH This Week

IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Security Guardium
NVD
Prev Page 23 of 63 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy