Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 6232 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38879 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2022-06-30 5.0 MEDIUM 5.3 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057.
CVE-2021-38871 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2022-06-30 3.5 LOW 5.4 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208345.
CVE-2021-29865 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2022-06-30 4.9 MEDIUM 5.4 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 206091.
CVE-2021-20544 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2022-06-30 4.0 MEDIUM 4.3 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931.
CVE-2021-38945 1 Ibm 1 Cognos Analytics 2022-06-30 7.5 HIGH 9.8 CRITICAL
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.
CVE-2021-20543 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2022-06-30 3.5 LOW 5.4 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929.
CVE-2021-29768 1 Ibm 1 Cognos Analytics 2022-06-30 4.0 MEDIUM 6.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.
CVE-2021-20421 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2022-06-30 4.0 MEDIUM 4.3 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2021-20355 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2022-06-30 5.0 MEDIUM 5.3 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891.
CVE-2021-20551 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2022-06-30 2.1 LOW 3.3 LOW
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149.
CVE-2020-4274 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2022-06-29 5.5 MEDIUM 5.4 MEDIUM
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-ForceID: 175980.
CVE-2020-4294 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2022-06-29 6.5 MEDIUM 6.3 MEDIUM
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 176404.
CVE-2020-4269 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2022-06-29 5.0 MEDIUM 7.5 HIGH
IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-ForceID: 175845.
CVE-2020-4270 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2022-06-29 4.6 MEDIUM 7.8 HIGH
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-ForceID: 175846.
CVE-2020-4584 1 Ibm 1 I2 Ibase 2022-06-29 5.0 MEDIUM 7.5 HIGH
IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574.
CVE-2020-4854 2 Ibm, Linux 2 Spectrum Protect Plus, Linux Kernel 2022-06-29 7.5 HIGH 9.8 CRITICAL
IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454.
CVE-2020-4280 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2022-06-29 9.0 HIGH 8.8 HIGH
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140.
CVE-2021-39006 2 Ibm, Linux 2 Qradar Wincollect, Linux Kernel 2022-06-28 5.0 MEDIUM 5.3 MEDIUM
IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to obtain sensitive information due to missing best practices. IBM X-Force ID: 213549.
CVE-2022-22485 3 Ibm, Linux, Microsoft 4 Aix, Spectrum Protect Operations Center, Linux Kernel and 1 more 2022-06-28 7.5 HIGH 9.8 CRITICAL
In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.
CVE-2022-30607 2 Ibm, Microsoft 2 Robotic Process Automation, Windows 2022-06-28 4.0 MEDIUM 6.5 MEDIUM
IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294.