Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Total 6046 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-29701 3 Ibm, Linux, Microsoft 4 Engineering Workflow Management, Rational Team Concert, Linux Kernel and 1 more 2022-01-20 4.0 MEDIUM 4.3 MEDIUM
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657.
CVE-2021-38991 1 Ibm 2 Aix, Vios 2022-01-20 4.6 MEDIUM 7.8 HIGH
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.
CVE-2021-38892 1 Ibm 2 Planning Analytics, Planning Analytics Workspace 2022-01-20 7.5 HIGH 9.8 CRITICAL
IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote threat actor who can access (without previous authentication) a valid PA endpoint to read and write files to the IBM Planning Analytics system. Depending on file system permissions up to path traversal and possibly remote code execution. IBM X-Force ID: 209511.
CVE-2021-39002 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2022-01-14 5.0 MEDIUM 7.5 HIGH
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2021-38931 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2022-01-14 4.0 MEDIUM 6.5 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.
CVE-2021-38926 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2022-01-14 2.1 LOW 5.5 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321.
CVE-2021-29678 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2022-01-14 5.5 MEDIUM 8.7 HIGH
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.
CVE-2021-38990 1 Ibm 2 Aix, Vios 2022-01-13 4.6 MEDIUM 7.8 HIGH
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952.
CVE-2021-38957 1 Ibm 1 Security Verify Access 2022-01-13 5.0 MEDIUM 7.5 HIGH
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040.
CVE-2021-38956 1 Ibm 1 Security Verify Access 2022-01-13 5.0 MEDIUM 5.3 MEDIUM
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038
CVE-2021-38921 1 Ibm 1 Security Verify Access 2022-01-13 5.0 MEDIUM 7.5 HIGH
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067.
CVE-2021-38895 1 Ibm 1 Security Verify Access 2022-01-13 3.5 LOW 5.4 MEDIUM
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563.
CVE-2021-38894 1 Ibm 1 Security Verify Access 2022-01-13 4.0 MEDIUM 2.7 LOW
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515.
CVE-2021-38918 1 Ibm 1 Powervm Hypervisor 2022-01-12 5.0 MEDIUM 7.5 HIGH
IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019.
CVE-2021-38876 1 Ibm 1 I 2022-01-10 4.3 MEDIUM 6.1 MEDIUM
IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404.
CVE-2021-38961 1 Ibm 6 Power System Ac922 \(8335-gtc\), Power System Ac922 \(8335-gtc\) Firmware, Power System Ac922 \(8335-gtg\) and 3 more 2022-01-06 4.3 MEDIUM 6.1 MEDIUM
IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212049.
CVE-2021-29716 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-01-04 4.0 MEDIUM 6.5 MEDIUM
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087.
CVE-2021-20470 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-01-04 5.0 MEDIUM 7.5 HIGH
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.
CVE-2021-29756 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-01-04 6.8 MEDIUM 8.8 HIGH
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.
CVE-2021-29719 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-01-04 5.0 MEDIUM 5.3 MEDIUM
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091